The estimated current cybersecurity workforce is 2.8 million professionals, while the amount of additional trained staff needed to close the skills gap is 4.07 million professionals, according to (ISC)2. The data indicates a necessary cybersecurity workforce increase of 145% globally.
Cybersecurity workforce skills gap around the world
In the UK, the current cybersecurity workforce estimate is 289,000, alongside 121,000 in France and 133,000 in Germany. The shortage of skilled professionals across EMEA has grown to 291,000.
Among the key findings from the study:
- 65% of organizations report a shortage of cybersecurity staff; a lack of skilled/experienced cybersecurity personnel is the top job concern among respondents (36%)
- Two-thirds (66%) of respondents report that they are either somewhat satisfied (37%) or very satisfied (29%) in their jobs; and 65% intend to work in cybersecurity for their entire careers
- 30% of survey respondents are women; 23% of whom have security-specific job titles
- 37% are below the age of 35, and 5% are categorized as Generation Z, under 25 years old
- 62% of large organizations with more than 500 employees have a CISO; that number drops to 50% among smaller organizations
- 48% of organizations represented say their security training budgets will increase within the next year
What motivates infosec professionals
The study also examines motivations and career paths of cybersecurity professionals:
- The average North American salary for cybersecurity professionals is $90,000; those holding security certifications have an average salary of $93,000 while those without earn $76,500 on average
- 59% of cybersecurity professionals are currently pursuing a new security certification or plan to do so within the next year
- Just 42% of respondents indicate that they started their careers in cybersecurity; meaning 58% moved into the field from other disciplines
- Top recruiting sources outside of the core cybersecurity talent pool include new university graduates (28%), consultants/contractors (27%), other departments within an organization (26%), security/hardware vendors (25%) and career changers (24%)
Strategies for building up cybersecurity teams
In the face of the growing need to build the workforce and recruit new talent, there are four main strategies outlined in the report. These include:
- Highlighting training and professional development opportunities that contribute to career advancement
- properly level setting on applicant qualifications to make sure the net is cast as wide as possible for undiscovered talent
- attracting new workers such as recent college graduates who have tangential degrees to cybersecurity, or seasoned pros such as consultants and contractors into full-time roles
- strengthening from within by further developing and cross-training existing IT professionals with transferrable skills.
The study shows that cybersecurity and IT professionals are largely satisfied in their careers and optimistic about their futures. But the size of the current workforce still leaves a significant gap between the number of cybersecurity professionals working in the field and the number needed to keep organizations safe.