Cybersecurity is no longer optional, it’s a fundamental requirement for business continuity, reputation management, and customer trust. A single breach can result in financial losses, legal complications, and long-term damage to a company’s credibility.
Following recent cyberattacks on major high-street retailers, the Robert Walters Market Intelligence team shared insights into the cybersecurity hiring landscape.
Cybersecurity continues to rank among the top five most in-demand skills across professional services. In the UK alone, there are around 17,000 active vacancies at any time, with demand projected to grow by 10–12% annually.
While large firms often lead in cybersecurity investment, small and medium-sized enterprises (SMEs) are increasingly vulnerable and require stronger digital defences. As SMEs become more digitally reliant, building cybersecurity capabilities across businesses of all sizes is critical to protecting the broader economy.
Speaking about the cyberattacks targeting the high-street retailers, Reader of School of Computer Science & Informatics, Cardiff University, Dr Charith Perera said, “I see three big reasons. First, global tension has moved online. Hackers backed by governments, crime rings and even rival companies all want retail data. It isn’t just card numbers anymore; shopping habits, delivery routes and stock levels can each be sold to different buyers. Think of poaching: the hide, horn and meat all go to separate markets, so every byte a retailer stores is now worth money to someone. Second, the retail “attack surface” has exploded. During and after the pandemic most brands bolted on click-and-collect, mobile apps and home-delivery links in a hurry. Those cloud tills and supplier APIs were great for customers but widened the doorway for attackers, while security budgets often stayed flat. Ransomware crews need only one leaked password to steal the data, lock the tills and demand payment because every lost trading hour hurts. Third, AI has lowered the barrier to entry. Easy-to-use tools now write phishing emails, scan exposed servers and hide malware code, jobs that once needed whole teams. High rewards, low effort and a crowd of willing buyers explain why shops are suddenly such tempting targets.”
Charith highlighted the visibility of South Asian talent in UK security operations centres but noted its scarcity in “boardrooms, research labs, and policy circles.” A key reason, he said, is “late exposure”—many students from South Asia only encounter cybersecurity after moving West for university, often feeling behind peers who “played Capture-the-Flag in school.”
To drive change, Charith advocates for “early, hands-on experience,” urging UK industry and academia to build cyber ranges, boot camps, and scholarships with South Asian universities. He also called on diaspora professionals to “mentor virtually and guest-lecture,” giving students real-world insight.
At home, he urged firms to widen graduate intakes, set diversity goals, and back networks like the British Asian Security Network. “Consistent outreach and visible success stories,” he said, “will bring more South Asian voices to the tables where security decisions are made.”
SMEs overlooked but not safe from hackers
With AI-driven attacks on the rise, cybersecurity is no longer a luxury but a necessity for SMEs—simple, cost-effective steps can greatly reduce their vulnerability. Emphasising how SMEs can better protect themselves from cyber threats, Dr Neeshé Khan, Research Fellow in Cyber Security at the University of Nottingham, said, “Many SMEs mistakenly believe they have nothing of value to hackers. In reality, they often serve as lucrative entry points to sensitive data or as back doors to larger organisations.”
She added that with AI-powered attacks becoming more sophisticated and harder to detect, SMEs are increasingly vulnerable—especially if they lack basic defences. “Improving cybersecurity doesn’t require expensive tools or expert teams,” Dr Khan explained. “Simple measures can go a long way—such as understanding your risks, encouraging open conversations about security with staff, learning from past mistakes, enabling free two-step verification tools like Google’s, using strong passwords, setting automatic app updates, and activating firewalls. These small steps can make a big difference.”
