A dearth of skilled workers is hampering Britain's ability to protect itself from costly internet attacks and it could take two decades to fill the gap.
The number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet, spending watchdog the National Audit Office (NAO) said.
Government, education and business representatives told the NAO that the country lacks technical skills and the current pipeline of graduates will not meet demand.
The cost of cyber crime to Britain is currently thought to be up to £27 billion a year, while the government previously pledged £650 million in additional funding to its National Cyber Security Programme.
NAO head Amyas Morse said: "The threat to cyber security is persistent and continually evolving.
"Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack."
The government's strategy has already started to deliver benefits, the NAO said, with the Serious Organised Crime Agency catching more than 2.3 million compromised debit or credit cards since 2011, preventing a potential loss of more than £500m.
But the watchdog warned that ministers must address the country's current and future cyber security skills gap, which includes a need for psychologists and law enforcers, as well as technical staff.
Education officials interviewed by the NAO said it could take "up to 20 years to address the skills gap at all levels of education".
The report on the NAO's review of the strategy for cyber security, said: "Interviews with government, academia and business representatives confirmed that the UK lacks technical skills and that the current pipeline of graduates and practitioners would not meet demand.
"A number of government departments commented that the UK depended on a small number of highly skilled people to participate in developing international technical standards.
"Interviewees were concerned about a lack of promotion of science and technology subjects at school resulting in the reported lower uptake of computer science and technology courses by UK students."
A shortage of IT and computer science experts has been raised before by ministers, while attracting and retaining talent is also a concern.
In 2012, the Intelligence and Security Committee highlighted GCHQ's inability to retain internet specialists in the face of competition from the private sector.
The government will also struggle to demonstrate the success of its multi-million pound strategy, the NAO said, as it will be measuring outcomes when the desired result is for nothing to happen.
MP Margaret Hodge, chair of the Public Accounts committee, said: "The use of the internet for commerce and communication is a force for good, but it also poses new and growing threats that government, businesses and individuals cannot ignore.
"With around 80% of the internet in private hands, crossing international boundaries and spanning different jurisdictions, the government cannot approach internet security in isolation.
"Having a robust and well thought-through strategy is crucial if the government is to respond effectively to cyber threats."
A Cabinet Office spokeswoman said: "Although we continue to face serious challenges the UK is on a stronger footing today than we were 12 months ago as we're addressing issues of cyber-crime and threats to national security and have achieved unprecedented partnership with industry.
"We agree that skills are crucial to cyber security which is why we are investing heavily in research and education through establishing new centres for excellence in cyber security research, cyber security skills among the police forces, centres of doctoral training in cyber security and supporting initiatives such as the cyber security challenge which uses innovative approaches to recruiting new talent into the cyber security sector."