Our latest articles


Search articles

Making the Governments New Apprenticeship Levy Work for Cyber Security

In an effort to increase the skills of the UK’s labour force, the government proposed an apprenticeship levy, where companies that fit certain criteria will be obligated to hire and train apprentices. This month, the new levy is now in effect. However, for many companies in the UK, it will have come into effect long before they have had time to prepare appropriately.

Many firms are unsure about how the money should be spent, or are concerned that they won’t be able to spend it all. As firms that don’t use it will (as the saying goes) lose it, this effectively turns the levy into a straight forward additional tax burden, not to mention a source of additional stress.

Thankfully, there is a universal opportunity for businesses in all manner of industries to turn the levy into a serious boost for their ability to compete in today’s market – and that’s in making use of new government backed cyber security apprenticeships to boost their security and limit their exposure to risk of costly attacks and data loss.

This comes hot on the heels of a bad year for cyber security: in fact, 2016 was worst recorded year for cyber security attacks in the UK. As recently as January, the NHS saw a significant data breach when it was attacked by a targeted, socially engineered phishing virus that lead to the cancelling of 2,800 appointments.

Indeed, the UK as a whole is seeing a widening skills gap in cyber security that is becoming a growing threat to the entire UK corporate sector. Recent research suggests that the gap between employer demand for cyber security knowledge and the number of people actually trained and qualified to offer consultancy on the subject is the second largest in the world; the UK has just 31.6% of the people it needs to fill advertised cyber security roles, whereas the problem in countries such as Canada and the USA is half as bad. In general, North America has more than double the qualified workforce as a ratio of advertised jobs.

Whilst the implications of Brexit are too numerous for this article, the EU is moving towards a unified set of cyber security regulations that are going to be put in place in 2018 in the form of the ‘General Data Protection Regulation (GDPR)’. It’s clear that the UK is massively lagging behind; in the future UK firms may face regulatory complications if they want to do business with European partners that sign up for compliance with the scheme.


Cyber Security Apprenticeships – A Cost Effective Way of Mitigating Your Exposure to Risk

The apprenticeship levy offers a great opportunity for eligible companies to inject their organisation with useful skills that can help to mitigate operational and regulatory risks.

The levy will initially affect companies with a pay bill of more than £3million. The UK government will contribute 90 per cent of the cost of each apprentice; for companies with less than 50 employees this increases to 100%. Therefore, this makes the recruiting of a cyber-security apprentice particularly handy for those companies with a high pay bill but a comparatively lower number of employees – such as small specialised technology firms with large investments in technology, data and skilled personnel. Such firms often have the most to lose, being less likely than large firms to have cyber security staff in place. Such firms tend to have highly valuable data which makes them prime targets, so a chance to up skill their workforce (for free) cannot come a moment too soon.

Government Backed Cyber Security Apprenticeships

The government have put together 2 apprenticeship schemes:

Cyber Security Technologist, Level 4


This role is focused on prevention; apprentices will be trained in the arts of analysing your current environment for threats, and providing solutions to mitigate or solve the vulnerabilities that your organisation faces. It is a 24-month course that covers practical knowledge of cyber risk analysis and the technical knowledge to take steps to rectify vulnerabilities before they become breaches.

Cyber Security Intrusion Analyst, Level 4


This role is focused more on monitoring and response. Trained to detect breaches in network security in real time, apprentices on this path will deploy advanced software and expertise in detecting whether or not a breach has occurred. Also a 24-month course, apprentices will have enough expertise to consistently tell apart false positives from real alerts and add a crucial reactive layer to your enterprise security.


What Employers Need To Do

The apprenticeship levy itself is complicated. Broadly speaking, it applies to companies that:

  1. Have an annual pay bill of £3million or more;
  2. Are connected to other companies or charities for Employment Allowance which in total have an annual pay bill of more than £3 million.

You will have to pay 0.5% of the value of your pay bill towards the levy, broken down into monthly installments. If your pay bill was £3 million in total, this would be £15,000

The government offer this £15,000 sum as an allowance. This means that for some companies, up to the entire value of the levy will be covered by the government. This allowance will be given in full for an unconnected company, or split across all connected companies or charities where appropriate.

For a full breakdown of costs and next steps, the HMRC website have all the info you need.

With threats to UK businesses emerging from poor information security compounded by a lack of skilled cyber security workers, the new apprenticeship levy is well placed to help UK firms respond.

If you are interested in becoming an apprentice yourself, check out some of our cyber security apprenticeships. If you are a training provider, contact us today - we’d love to discuss how we can help you with sourcing students.