Growth in cybersecurity workforce overshadowed by record-breaking skills gap, finds ISC2
Mon 13 Nov 2023
A recent study by ISC2 has revealed a notable growth in the global cybersecurity workforce, now reaching 5.5 million people.
This marks an 8.7% increase from 2022, equating to 440,000 new jobs.
Despite this record-high workforce, the 2023 ISC2 Cybersecurity Workforce Study highlighted a concerning workforce gap, with an additional 4 million professionals needed to adequately protect digital assets. This gap represents a record high.
Clar Rosso, ISC2 CEO, emphasised the importance of this growth: “While we celebrate the record number of new cybersecurity professionals entering the field, the pressing reality is that we must double this workforce to adequately protect organisations and their critical assets.”
The study, which included feedback from a record 14,865 cybersecurity professionals, identified several pressing challenges in the field.
Economic uncertainty, the rise of artificial intelligence, fragmented regulations, and skills gaps are prominent issues.
A significant 75% of professionals report the current threat landscape as the most challenging in the last five years, and only 52% believe their organisation is adequately equipped with the necessary tools and personnel to respond to cyber incidents in the next few years.
Addressing Cybersecurity Workforce and Skills Gaps
The study revealed that 92% of cybersecurity professionals acknowledge skills gaps within their organisations.
The most significant gaps are in cloud computing security (35%), artificial intelligence/machine learning (32%), and zero trust implementation (29%).
More than half of organisations (51%) that have experienced cybersecurity layoffs have been impacted by one or more significant skills gaps, compared with 39% of organisations that have not had a layoff.
Navigating Economic Uncertainty
Economic challenges have led to 47% of respondents experiencing cutbacks, including budget reductions, layoffs, and freezes on hiring and promotions.
A concerning 35% have seen cuts to vital cybersecurity training programs.
These cutbacks have negatively impacted productivity, morale, and workload.
57% said their response to threats has been inhibited by cutbacks, and 52% have seen an increase in insider risk-related incidents.
31% of professionals believe that cutbacks will continue into 2024, and 70% expect those cutbacks to include layoffs.
Emerging Technologies and Knowledge Gaps
The report also shed light on knowledge gaps in emerging technologies, with 47% of respondents admitting minimal knowledge of AI.
This gap is of concern, as 45% of respondents foresee AI as their top challenge over the next two years.
However, cloud computing security is viewed as the most critical skill for career advancement by 47% of the respondents.
Rosso added: “Amid the current threat landscape, which is the most complex and sophisticated it has ever been, the escalating challenges facing cybersecurity professionals underscore the urgency of our message: organisations must invest in their teams, both in terms of new talent and existing staff, equipping them with the essential skills to navigate the constantly evolving threat landscape.
“It is the only way to ensure a resilient profession that can strengthen our collective security.”
Empowering the Cybersecurity Workforce
In response to these challenges, organisations are adopting various strategies to strengthen their cybersecurity teams. These include investing in staff training, offering flexible work conditions, funding diversity, equity, and inclusion (DEI) programs, supporting certifications, and expanding teams through new hires.
Dave Gerry, CEO of Bugcrowd, reflected on the findings: “Roughly doubling the number of skilled cybersecurity professionals worldwide in just five years is an incredible achievement for the industry – but it’s clearly still not enough.
“There are, still, nowhere near enough experts in the world for all the organisations to employ the cybersecurity talent they need to protect themselves.”
Promoting Diversity and Inclusion
To foster a more diverse cybersecurity workforce, organisations are increasingly focusing on DEI initiatives, skills-based hiring, and revising job descriptions.
Skills-based hiring has shown a positive impact: organisations that use it have a slightly higher representation of women in the workforce (25.5%) than organisations that have not embraced this initiative.
Despite these efforts, women still represent only 26% of cybersecurity professionals under 30.
DEI initiatives not only drive diversity but also boost workforce effectiveness. Organisations implementing DEI hiring practices report a stronger sense of preparedness among their cybersecurity professionals in dealing with cyber threats over the next two to three years.
Gerry added: “Organisations need to adapt their recruiting methods to expand their available talent pool to non-typical candidates, and, in turn, provide the required training to enable these folks to be successful.
“The figures reinforce that an alternative to direct hiring is leveraging the immensely talented and creative hacker community via crowdsourcing.
“The scale of the skills gap means crowdsourcing is the fastest way to access the full spectrum of cybersecurity skills needed to proactively stay secure.”
Valuing Non-Technical Skills
The study also highlighted the importance of non-technical skills in cybersecurity. Problem-solving, curiosity, and effective communication are deemed crucial for professionals in the field.