Cybersecurity workforce shortages: 67% report people deficits

The global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs, according to ISC2.

While this is the highest workforce ever recorded, the report shows that demand is still outpacing the supply. The cybersecurity workforce gap has reached a record high, with 4 million professionals needed to safeguard digital assets adequately.

The research also finds new challenges impacting professionals in the field, including economic uncertainty, artificial intelligence, fragmented regulations and skills gaps. Additionally, a challenging threat landscape continues to loom over the field, with 75% of cybersecurity professionals saying the current threat landscape is the most challenging it has been in the last five years.

Only 52% believe their organization has adequate tools and people to respond to cyber incidents over the next two to three years.

Cybersecurity workforce shortages and skills gaps

67% of respondents reported that their organization has cybersecurity staff shortages to prevent and troubleshoot security issues, and 92% of cybersecurity professionals report skills gaps at their organization.

The top three skills gaps at an organization are cloud computing security (35%), artificial intelligence/machine learning (32%), zero trust implementation (29%).

51% of organizations that have had cybersecurity layoffs have been impacted by one or more significant skills gaps compared to just 39% of organizations that have not had layoffs.

Economic uncertainty

71% of respondents agree that periods of economic uncertainty increase the risk of malicious insiders. Study found that 39% of cybersecurity professionals have been approached or know someone who has been approached by a malicious actor. Those at companies that have had layoffs in cybersecurity are three times more likely to have been approached to act as a malicious insider.

• 47% of respondents experienced cutbacks, which included budget cuts, layoffs and hiring and promotion freezes
• 35% faced cuts to cybersecurity training programs, vital for skills development and workforce growth
• Two-thirds of respondents say that cutbacks have negatively impacted their productivity, team morale and increased their workload
• 57% said their response to threats has been inhibited by cutbacks, and 52% have seen an increase in insider risk-related incidents
• 31% of professionals believe that cutbacks will continue into 2024, and 70% expect those cutbacks to include layoffs

Uncovering effective hiring, retention and team-building practices

• 47% of respondents have no or minimal knowledge of artificial intelligence (AI)
• 47% see cloud computing security as the most sought-after skill for career advancement
• 45% of respondents foresee AI as their top challenge over the next two years

“While we celebrate the record number of new cybersecurity professionals entering the field, the pressing reality is that we must double this workforce to adequately protect organizations and their critical assets,” said ISC2 CEO Clar Rosso.

“Amid the current threat landscape, which is the most complex and sophisticated it has ever been, the escalating challenges facing cybersecurity professionals underscore the urgency of our message: organizations must invest in their teams, both in terms of new talent and existing staff, equipping them with the essential skills to navigate the constantly evolving threat landscape. It is the only way to ensure a resilient profession that can strengthen our collective security,” Rosso continued.

Organizations are actively adopting strategies to strengthen their cybersecurity teams. Survey respondents say their organizations are investing in staff training (72%), offering flexible work conditions (69%), funding diversity, equity, and inclusion (DEI) programs (68%), supporting certifications (67%), and expanding their teams by recruiting, hiring and onboarding new staff (67%) to prevent or mitigate staff shortages.

Fostering diversity and inclusion in cybersecurity

To promote a more diverse workforce, organizations are embracing DEI initiatives, incorporating skills-based hiring, and revising job descriptions to emphasize DEI goals.

Organizations adopting skills-based hiring have seen a positive impact, with an average of 25.5% women in their workforce compared to 22.2% among those who haven’t embraced this initiative. However, there’s still work to be done, as women represent only 26% of cybersecurity professionals under the age of 30.

DEI initiatives not only drive diversity but also boost workforce effectiveness. Organizations implementing DEI hiring practices report a stronger sense of preparedness among their cybersecurity professionals in dealing with cyber threats over the next two to three years.

In addition to technical proficiency in various skills, cybersecurity professionals stress the importance of non-technical attributes. Problem-solving skills (45%) top the list, followed by curiosity and eagerness to learn (39%) and effective communication (38%).

More resources:

• Companies rethinking degree requirements for entry-level cybersecurity jobs
• Turning military veterans into cybersecurity experts
• Soft skills continue to challenge the cybersecurity sector