A daunting and persistent shortfall in the global cybersecurity workforce has long plagued companies and industries, a recent report from (ISC)², a trade association for IT security professionals, said.
The non-profit’s 2019 Cybersecurity Workforce Study didn't confine itself to anecdotal data on the cybersecurity workforce gap but also quantified the number of workers in the field to give organizations a better handle on the problem. Some 3,200 individuals were interviewed who are responsible for security/cybersecurity in North America, Europe, Latin America and Asia-Pacific.
Some topline, eye-opening findings:
- The global cybersecurity workforce needs to grow by 145 percent to meet the demand for skilled cybersecurity talent. In the U.S. it needs to grow by 62 percent. “It’s a big task,” the report said.
- Nearly 805,000 cybersecurity professionals are estimated to be working in the U.S. The global workforce is about 2.8 million.
- The current cybersecurity workforce shortage in the U.S. approaches nearly 500,000.
Nearly two in three organizations in the study have a shortage of staff dedicated to cybersecurity, the top concern among survey respondents. Roughly half of cybersecurity professionals believe their organization is at moderate or extreme risk due to cybersecurity staff shortage. Still, despite the lack of skilled and experienced cybersecurity personnel worldwide there are reasons for optimism. One in particular is the increasing diversity and youth of the cybersecurity workforce, a clear indication that there’s an untapped demographic of workers. Some 30 percent of the survey’s respondents were women. And, 37 percent are below the age of 35.
Cybersecurity Labor Shortage: More Findings
Other examples for a shinier outlook include:
Job satisfaction is high.
- 71 percent of respondents in North America said they are satisfied with their jobs.
- 84 percent said they are where they expected to be in their careers, given their skills and experience.
Longevity is long.
- Survey respondents have an average of nine years in an IT role. They hold about four security organization certifications and three security organization memberships.
- 56 percent intended to work in this field.
- 42 percent of respondents’ first jobs after education were in cybersecurity.
- 65 percent intend to work in cybersecurity for the rest of their careers.
Salary is good.
- The average annual salary for cybersecurity pros in North America is $90,000.
Certifications are valued.
- Nearly 60 percent of cybersecurity professionals are pursuing a new security certification such as cloud security.
- 81 percent said they need additional certifications or training to prepare for future roles.
- 57 percent of organizations offer training and certification opportunities to employees.
- 48 percent said that their organization’s training budgets will be increasing in the next year.
- 70 percent of organizations prioritize training and promoting from within.
Cybersecurity Labor Shortage: Closing the Gap
Let the workforce building begin.
Building out a strong cybersecurity workforce, while challenging, can be accomplished both from inside and outside the organization, the report said. In the short term, it takes recruiting new staffers from a number of sources to grow from the outside. In the long run, developing IT cyber pros already on the job can build within the company.
Moving ahead.
The report outlines four strategies and tactics that organizations can use to build and retain cybersecurity teams:
- Highlight relevant on-the-job work experience, robust training and professional development and access to career advancement opportunities.
- Level-set applicant qualifications for a cybersecurity job. While most come from a computer and information sciences background, nearly 30 percent have backgrounds in business or engineering.
- Grow your cybersecurity workforce by recruiting new workers such as recent college graduates who have relevant degrees.
- Further develop your existing IT pros by identifying talented and motivated non-security focused IT professionals and paying for their cybersecurity training and/or certifications.
