The cybersecurity profession worldwide needs to add 3.4 million people to close the gap between open jobs and qualified workers, according to a new report by the International Information System Security Certification Consortium, commonly known as (ISC)² and widely regarded as the world's largest IT security organization.
Cyber Skills Gap Widens
Despite the cybersecurity workforce adding 464,000 jobs so far this year to an estimated 4.7 million professionals, the gap between available jobs and qualified workers to fill them has spiked by 26% from last year, the association said.
(ISC)² conducted a global study of nearly 12,000 individuals responsible for cybersecurity at their workplaces in May and June, 2022. The survey found that 70% of respondents report their organization do not have enough cybersecurity employees. More than half of organizations with workforce shortages contend that staff deficits put their organization at a "moderate" or "extreme" risk of a cyberattack.
The Good News
On a positive note, more than seven in 10 organizations intend to boost their cybersecurity staff in the next 12 months. That amounts to roughly 20 points higher than the predicted growth rate last year and 30 points more than the prior year.
To reduce the impact of staff shortages, organizations can retrain internal talent, rotate job assignments, begin mentorship programs and urge non-cybersecurity staffers to join the field, (ISC)2 said.
Clar Rosso, (ISC)² chief executive, put the survey results into perspective:
"As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field. The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective."
A Closer Look at the Results
Key findings of the (ISC)² report cover:
- 75% of respondents said strong job satisfaction and the same percentage feel passionate about cybersecurity work, yet 70% of respondents feel overworked.
- 68% of employees with low employee experience ratings indicate workplace culture impacts their effectiveness in responding to security incidents.
- Over half of workers said they would consider switching jobs if they are no longer allowed to work remotely.
- 28% of respondents said their organization actively listens and values the input of all staff.
Diversity, Equity and Inclusion
- 55% of employees believe diversity will increase among their teams within two years.
- Nearly 25% of respondents below age 30 consider gatekeeping and generational tensions as top-five challenges for the next two years, compared to 6% of workers 60 or older.
- 30% of female and 18% of non-white employees feel discriminated against at work, and only 40% of respondents state their organization offers employee DEI training.
Changing Perceptions and Current Events
- 64% of respondents seek new certifications for skills growth and stay current with security trends (53%).
- 20% of employees said that their organization would increase their security budget as the result of a breach. However, only 16% state that their organization would hire additional IT staff.
- 61% of cybersecurity professionals are primarily concerned by the potential risks of emerging technology (e.g., blockchain, AI, VR, quantum computing).