Can Cybersecurity Staffing Withstand a Recession? (ISC)² Research Report Examines the State of the Security Profession

by Jim Masters • Feb 17, 2023

(ISC)² has released new research examining the current state of the cybersecurity profession in light of a potential economic recession.

(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. The association of nearly 330,000 is comprised of certified cyber, information, software and infrastructure security professionals who are helping to advance the cybersecurity industry.

Is Cybersecurity Recession-Proof?

In its new research report, How the Cybersecurity Workforce Will Weather a Recession, (ISC)² found that despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023. The research highlights how C-suite executives view cybersecurity as an essential, valuable asset that is a strategic priority.

To assess the impact of a potential economic downturn on cybersecurity teams, (ISC)² polled 1,000 C-suite executives in December 2022 across Germany, Japan, Singapore, the U.K. and U.S. The survey found that 85% of respondents expect layoffs will be necessary at their organizations, but cybersecurity roles are expected to be the least affected by staff reductions.

Additionally, only 10% of organizations are likely to cut jobs in cybersecurity compared to other business areas, such as:

• Human resources (30%)
• Finance (24%)
• Operations (24%)
• Marketing (22%)
• Sales (22%)

(ISC)² reports that 87% of respondents believe a reduction in cybersecurity staff will lead to greater risks against cyberattacks, as well as recognition of the challenges associated with building their cybersecurity team when skilled workers are in short supply.

Commenting on the survey, (ISC)² CEO Clar Rosso said:

“The importance placed on cybersecurity professionals, even during uncertain economic times, suggests that top executives understand the critical need for a strong cybersecurity team now more than ever. This is not surprising given the upward trend in recent years where a weakening economy combined with political tensions has led to increased cyber threats. A key test for executives in 2023 will be their ability to sustain their commitment toward strengthening their organizations’ resilience against evolving cyberthreats amid emerging budgetary pressures.”

More From the Report

Key report findings include:

• 80% of participants believe a weakening economy will increase cyber threats.
• 87% of participants say reductions in their cybersecurity teams would increase risk for their organizations.
• 31% of respondents cited cybersecurity as the least likely to be impacted in a first round of layoffs.
• 74% of respondents are open to recruiting cybersecurity talent laid off elsewhere to bolster their own teams.
• 90% of participants said they increased cybersecurity hiring in the last two to three years.
• Salary was the least important factor when determining which staff would be impacted by layoffs compared to other factors such as performance and expertise/skill set.
• Cybersecurity professionals may face increased automation adoption, longer hours, more junior staff hiring and salary freezes due to economic conditions.

What’s Ahead for the Cybersecurity Profession?

Whether a global recession occurs in 2023 remains to be seen, (ISC)² asserts. However, staff reductions are already underway as companies seek to preemptively tighten their belts in the face of near-double-digit inflation across G20 nations.

For cybersecurity professionals, the field as a whole appears it will weather uncertain economic times better than other business functions, according to (ISC)². Therefore, even when considering layoffs across the board, C-suite executives are reluctant to cut their cybersecurity teams and say they will do what they can to retain talent and shield teams from downsizing for as long as they can.