STEM Education and Cybersecurity: Does the UK Do Enough?


Teaching science, technology, engineering, and maths (STEM) has been part of the UK national curriculum since its inception in the 80s. It came into sharper focus after a report in 2002, with more funding for students and teachers.

The UK’s cybersecurity market is the biggest in Europe, valued at £8.3 billion. Yet there is still a big skills shortage with 43 percent of tech leaders saying they had a deficit in recruiting in the field.

Is the focus on STEM enough to boost cybersecurity professionals in the country? Can the focus on STEM lead to better cybersecurity professionals?

Let’s explore the evidence.

STEM is embedded into education early

The UK National Curriculum focuses on STEM and computer science early. Starting in Key Stage 1 (KS1), students are taught the basics of algorithms and data representation.

Within the requirements for children as young as five years old is a basic understanding of passwords and reporting problems to adults. As students progress, they’re introduced to taking more responsibility for their online security, too.

Imparting this knowledge early on, in conjunction with learning about computers and the internet in general is vital. The more aware people are of cybersecurity in general, the safer they will be.

Having a focus on STEM and computing from a young age ensures that people who go on to work in every sector of the economy know the basics – how to read a URL, what a phishing attack is, how important using a VPN like Surfshark is, etc.

As students grow older and learn about critical thinking, following processes, and analysing anomalies, they’re also being armed with skills to keep them and their employers secure online.

Programmes like CyberFirst from the National Cyber Security Centre and STEM Learning from the University of York also give more tools for students and educators to be informed about cybersecurity. They are integrated into wider programmes and so become a natural part of education rather than a subject that can feel dense with talk of hacking and networks.

Employers recognise the benefits of a STEM-focussed education

Even with a strong STEM programme throughout compulsory education, the lack of graduates to fill jobs is still there and growing.

In a 2018 government study, employers said that they were able to recruit from the wider STEM pool of graduates – “Students from other STEM disciplines also develop specific skills and a type of mindset that is applicable to the cybersecurity field” the report said.

By working within the scientific method that a STEM-related degree offers, it’s easier to train people to be cybersecurity professionals. Clearly, the training offered by British universities is helping to make it the hub of online security that we noted earlier.

The report went on to say, “In recruiting graduates, most employers not only look for technical skills and basic knowledge of cybersecurity but also want other more rounded competencies including interpersonal skills, such as team working, problem-solving abilities, good writing skills, among others.”

The STEM education being offered to students is making sure they are ready to be part of a cybersecurity workforce that is going to shape the future of the economy. Bolstering the workforce with savvy employees and consumers is a huge benefit to cybersecurity.

STEM graduates crossover into computing jobs

In the UK at least, there are few cybersecurity undergraduate degrees. In fact, as of 2022, there are only 19 undergraduate courses that are specifically for cybersecurity. That’s an increase on the six noted in the government report we looked at earlier, but still low.

However, when we look at Master’s courses, the choice for graduates nearly doubles, with 35 MScs or MAs in the subject.

For students to get on to these courses, general computer science and STEM education is needed. We’ve seen already that the industry sees the benefits of general scientific education and universities do too.

In more general terms as well, this data from the American Census Bureau shows us how STEM graduates feed into the general path of computer workers in the USA.

Image Source: US Census Bureau (filtered by computer workers)

The data doesn’t break down into how many of those computer workers are in cybersecurity, but it’s estimated that there are 1.2 million cybersecurity jobs in the USA and 3.72 million jobs in IT in general, to give some perspective.

Clearly, STEM education in general contributes to a country with a well-developed cybersecurity awareness and skill level.

Does STEM really do enough to boost cybersecurity?

Some argue that STEM and universities, in general, aren’t doing enough to train graduates for the workplace.

In the USA, university education can lean towards theoretical rather than hands-on training that would be the preserve of vocational colleges with the education system. However, the UK’s higher and further education institutions work closely with industry to produce the right skills.

Although there are people skilled enough to fulfil cybersecurity roles, in general awareness of online security is still lacking. A report at the end of 2021 showed that only 27% of respondents understood the security risk in their online activities.

Yes, the UK has STEM and cybersecurity embedded in the education system and produces quality workers who can take roles in the field. That knowledge and awareness are still waiting to filter through to the wider workforce, though.