"As there are issues at the people, technology and process levels it would make sense to start by casting a broad net to evaluate the situation and then pull it in from there," he said. "From a process side this would include things like formalising a breach notification plan, and an incident response process should be put in place."
"The skills baseline should be drawn up based on industry standards. There are plenty of bodies that can provide a template in this regard, but priority should be given to recruit in areas where the most breaches have been reported, to maximise the benefits."
David Ferbrache, who previously worked in the MoD but is now technical director at KPMG's cyber security practice, said that the government has been progressive on addressing the skills gap - but the major problem is in properly fostering dialogue between government and industry.
He told Computerworld UK: "The bit I'm interested in is building bridges between industry and government - one of the things that strikes you is there needs to be a lot more understanding in government of the industry perspectives around security.
"The reverse is also true, so you end up with a big disconnect between people like CISOs in big firms, wrestling day-to-day with security investments, and governments who get very frustrated sometimes with why they're not taking this issue more seriously."
Ferbrache added that the original vision of the NCSC was building bridges between industry and government in cyber security.
"The reason they were moving into London was because they wanted to move beyond the donut in Cheltenham," he said. "They wanted to create a new space where, yes, there was going to be sensitive material handled but it was supposed to be a much more engaging and open space to bring in industry and have discussions."
"They made a start on that, but it's hard. You need cultural change, from being in government, from being in an intelligence agency, to then saying we're going to open the doors and bring in industry and actively involve them in working groups."