The State of Workforce Learning in Technology & IT Services

The Technology & IT Services L&D Imperative

The fastest-growing sector with the most acute skills challenge in Britain

UK technology and IT services employs approximately 2.18 million workers in 2024 (CompTIA, State of the Tech Workforce UK 2025), with the Digital Sector accounting for 1.77 million filled jobs — 5.2% of UK total filled jobs (DSIT). The tech sector is growing at two and a half times the rate of the rest of the economy (techUK). Over the next 10 years, tech occupation employment is expected to grow at twice the rate of overall employment across the economy.

A Sector Defined by the Speed of Change

Technology and IT services is unique among UK employment sectors in the speed at which its core knowledge base evolves. A software engineer's skills profile five years ago is materially different from what the market requires today. A cloud architect certified on one platform faces ongoing recertification as platforms evolve. A cybersecurity professional whose threat landscape knowledge is six months out of date is professionally compromised. The half-life of technical knowledge in this sector is measured in months, not years.

The sector faces a persistent and well-documented skills shortage. More than two million tech vacancies were advertised in the UK in 2024, with an estimated one million positions remaining unfilled. Women account for just 22% of IT specialists in the UK (BCS, 2025). IT and telecoms has the highest AI adoption rate of any UK sector at 29.5% (DSIT/ONS). The sector that is most actively deploying AI must also be the sector most actively developing the human skills to use it responsibly.

Three Forces Driving L&D Investment in Technology

1. Technical Skills Obsolescence & Competitive Differentiation. In technology services, the knowledge of the team IS the product. A managed service provider whose engineers are not current on the latest threat landscape, cloud platform updates or security frameworks cannot deliver the service quality clients expect. Structured technical CPD, certification pathways and skills investment are not optional overheads — they are the primary determinant of the service a technology business can sell.

2. Regulatory Compliance & Data Protection. Technology businesses handle some of the most sensitive data of any sector. Managed service providers, cloud hosting businesses, software developers and IT consultancies are all subject to UK GDPR, the Data Protection Act 2018, FCA requirements (for fintech), NHS data security requirements (for health tech), and the NIS2 Regulations for critical infrastructure operators.

3. Cybersecurity: The Training That Cannot Fail. A single phishing success that leads to a data breach can end a client relationship, trigger ICO enforcement, destroy a reputation built over years, and expose the business to unlimited liability. Regular, current, tested cybersecurity awareness training for every employee — technical and non-technical alike — is not a best practice in this sector. It is an existential operational requirement.

Technical Skills, Certifications & CPD

Building the technical depth that determines competitive capability

In technology services, technical skills ARE the product. The service a technology business can deliver, the contracts it can win, the premium it can charge, and the talent it can attract and retain — all are direct functions of the technical capability of its people. Structured technical CPD, certification pathways and vendor-specific training are revenue-generating investments.

Cloud Platform Certifications & Training

• AWS, Microsoft Azure and Google Cloud certifications: foundational through to professional and speciality levels; cloud architecture, cloud security, DevOps, cloud developer, solutions architect pathways.
• Microsoft 365 / Azure AD: for IT professionals managing Microsoft cloud environments; administration, security, compliance, endpoint management.
• Cloud security and governance: cloud security architecture, shared responsibility model, cloud compliance frameworks (ISO 27001, SOC 2).

Cybersecurity & Infrastructure

• CISSP, CISM, CompTIA Security+: recognised industry certifications for cybersecurity professionals at all career stages.
• ITIL Foundation and higher levels: IT service management framework; for IT service delivery, support and operations professionals.
• CompTIA A+, Network+, Server+: for IT support and infrastructure roles; foundational certification pathways.
• Penetration testing and ethical hacking: for dedicated security professionals; CEH, OSCP, PTES frameworks.

Software Development & Engineering

• Programming language updates: new language features, framework updates, deprecation management; staying current on the languages the team deploys.
• DevOps and DevSecOps: CI/CD pipelines, containerisation (Docker, Kubernetes), infrastructure as code, shift-left security practices.
• Agile and Scrum: for development teams and product organisations; certified practitioner pathways, ceremony facilitation, backlog management.
• Data engineering and analytics: SQL, Python, data warehousing, BI tools, data governance frameworks.

*Nuerofy AI Studio platform claims. See nuerofy.com/ai-studio.

AI Adoption, Ethics & Governance

Building the knowledge and the safeguards for the sector leading AI adoption

The IT and telecoms sector has the highest AI adoption rate of any UK sector at 29.5% (DSIT/ONS). Technology and IT services businesses are simultaneously the builders and the users of AI tools — developing AI-powered products for their clients while deploying AI tools in their own development, testing, support, sales and operations functions. This creates both the most advanced AI skills landscape of any UK sector and the most consequential AI governance obligations.

AI Skills for Tech Professionals

• Generative AI for software development: GitHub Copilot, ChatGPT API, Claude API — responsible use, code review obligations, intellectual property implications, hallucination risk in production code.
• Machine learning and data science fundamentals: for product teams incorporating ML; model training, evaluation, bias detection, explainability requirements.
• AI in IT operations (AIOps): AI-powered monitoring, anomaly detection, automated incident response, AIOps platform operation.
• Large language model deployment: prompt engineering, fine-tuning, RAG architectures, responsible deployment, safety evaluation.

AI Ethics & Governance for Technology Businesses

• UK GDPR and automated decision-making: Article 22 equivalent obligations when AI systems make or contribute to decisions about individuals; transparency, explainability, right to human review.
• Algorithmic bias and fairness: for product teams building AI-assisted features; testing for demographic bias, fairness metrics, responsible AI principles.
• EU AI Act awareness: for businesses with European operations or clients; prohibited AI practices, high-risk AI system classification, conformity assessment requirements.
• AI governance policy training: for all staff using AI tools; the organisation's AI governance policy, approved tools, data sharing restrictions, client disclosure obligations.
• Intellectual property and AI: copyright implications of AI-generated code and content; client contract obligations where AI is used in deliverable creation.

AI for L&D Professionals in Tech

L&D teams in technology businesses have a particular advantage: they can dogfood the AI learning tools they are deploying for clients. A L&D professional in a technology company who builds a rapid microlearning module on a new cloud security threat, deploys it to the technical team in hours, and tracks completion with automated evidence — is demonstrating exactly the capability that the organisation's own clients are being sold.

Compliance Reporting & Audit Readiness

From training records to ICO, FCA and client security audit confidence

When the ICO investigates a data breach, when an enterprise client audits its managed service provider's security training, when the FCA reviews compliance training for a regulated fintech business, when Cyber Essentials Plus certification requires evidence of staff awareness training, or when a SOC 2 auditor reviews the organisation's security awareness programme — the question is the same: can you demonstrate that every relevant person was trained, when they were trained, what the training covered, and whether they passed?

Technology-Specific Audit Requirements

Technology businesses face an unusually wide range of third-party audit requirements for training evidence. Enterprise clients increasingly include training evidence requirements in supplier due diligence. ISO 27001 Annex A.7 (People Security) requires documented security awareness training. SOC 2 Trust Services Criteria include ongoing security awareness training. FCA-regulated fintech businesses face SM&CR and Consumer Duty training evidence requirements.

Nuerofy Compliance Reporting for Technology Businesses

About This Report & About Nuerofy

How this report was built and who built it

A Note on Sources

The 2.18 million tech workers figure draws on CompTIA's State of the Tech Workforce UK 2025 report. The 1.77 million Digital Sector filled jobs figure draws on DSIT's Digital Sector Economic Estimates: Employment, January 2024–December 2024 (published July 2025, based on ONS Annual Population Survey data). The tech sector growing at 2.5x the rest of the economy draws on techUK published statements. The 29.5% AI adoption rate for IT/telecoms draws on DSIT/ONS published analysis. The 22% women in IT specialists figure draws on the BCS Gender Diversity in the Tech Sector Report 2025. All are publicly available.

Regulatory framework descriptions reflect publicly available ICO, FCA, NCSC, UK GDPR, Data Protection Act 2018, Worker Protection Act 2023 and Equality Act 2010 guidance. Not derived from a Nuerofy primary research survey at this time. This report does not constitute legal or regulatory advice.

About Nuerofy

Nuerofy is a next-generation, AI-powered Learning Management and Experience Platform (LMS/LXP). In technology and IT services, we work with software businesses, managed service providers, IT consultancies, cloud services organisations, fintech businesses, cybersecurity firms, data analytics businesses and in-house IT functions across every sector.

Our platform combines a library of 200+ ROSPA and CPD-accredited courses covering all core compliance topics, an AI Course Builder that converts security advisories, regulatory guidance and technical documentation into structured training in minutes, automated compliance renewal management, technical certification pathway tracking, 50+ language delivery, and ICO-, FCA- and client audit-ready compliance reporting.

Our mission: make every learning experience smarter, faster, and more human — and help technology businesses build the technically excellent, compliantly secure, AI-ready workforce their clients and the digital economy demand.