The gap between the demand for cybersecurity professionals and their availability has widened to unprecedented levels, says a new report. The number of new cyber pros would need to nearly double to close it, and the existing workforce lacks competence.
The current threat landscape has been the most challenging in the past five years, according to 75% of 14,865 international cybersecurity practitioners and decision-makers polled in the latest Cybersecurity Workforce Study from ISC2. More than a third admitted that their organizations were too slow to patch critical systems.
The protectors of global infrastructure and systems from attacks were hit by “a perfect storm of economic uncertainty, rapidly emerging technologies, fragmented regulations and ever-widening workforce and skills gaps.” All this led to high uncertainty and a modest decrease in job satisfaction for the first time.
Globally, 3,999,964 cyber pros are needed to fill the global cybersecurity workforce gap, a record high.
The gap widened despite the headcount in the field growing by 8.7% in the past year.
“We estimate the size of the global cybersecurity workforce at 5.5 million – a 9% increase from 2022, and the highest we’ve ever recorded,” the ISC2 report reads. “The gap grew by 13% from 2022, which means that in 2023, there are roughly four million cybersecurity professionals needed worldwide. The profession needs to almost double to be at full capacity.”
Growth was limited by cutbacks, as 22% of cybersecurity professionals have dealt with layoffs and 31% expect additional reductions in the next year. In total, 47% of the respondents experienced some form of cutbacks, including layoffs, budget cuts, and hiring or promotion freezes.
Nearly half of those surveyed (41%) believe that the cuts have disproportionately affected their security team compared to the rest of the organization. Cutbacks are directly linked to effects such as an increase in workload (71%), lower cybersecurity team morale (63%), productivity (62%), and ability to prepare for future threats (62%).
While all major industries have experienced cutbacks, the entertainment, construction, automotive, and tech sectors have been hit particularly hard by layoffs in cybersecurity.
To date, two-thirds of system defenders reported that their organization has a shortage of cybersecurity staff to prevent and troubleshoot security issues. And 92% admitted having skill gaps in their organization.
“Participants expressed concern that skills gaps leave their organizations more vulnerable than the lack of qualified team members,” researchers write.
Only 52% of cybersecurity professionals believe that their organization has the tools and people to respond to cyber incidents over the next two to three years.
“Those with shortages and skills gaps are far more worried about being able to keep their organizations secure,” the report reads.
Cyber pros are primarily concerned about their cloud computing security, AI/ML, and Zero Trust implementation.
The calculated workforce gap does not aim to estimate the actual current job market for cybersecurity professionals, as it represents “the difference between the number of cybersecurity professionals that organizations require to properly secure themselves and the number of cybersecurity professionals available for hire.”
How many cyber pros are needed in different countries?
According to ISC2’s study, the most significant cybersecurity workforce gap is in China, which alone needs 1.72 million specialists. India is in second place, with a demand of 789,793 professionals.
The shortages in other countries are as follows:
- USA: 482,985
- Brazil: 231,927
- Japan: 110,254
- Mexico: 116,331
- Germany: 104,660
- Spain: 74,498
- UK: 73,439
- France: 59,117
- South Africa: 57,269
- Canada: 38,842
- United Arab Emirates: 31,928
- Netherlands: 29,058
- Australia: 27,756
- South Korea: 17,611
- Saudi Arabia: 14,252
- Nigeria: 8,352
- Ireland: 6,990
- Singapore: 3,961
Risks are increasing
Cybersecurity staffing shortages pose a significant threat to organizations, as 57% of workers say that shortages put their organization at moderate or extreme risk of cybersecurity attacks.
The top responses include mentioning not having enough time for proper risk assessment and management (50%), oversights in process and procedure (45%), misconfigured systems (38%), slow to patch critical systems (38%), inability to remain aware of all threats active against their network (35%), and other.
Many are still satisfied with their jobs
Job satisfaction among cyber pros took a slight dip in 2023, but it remains high. 70% of cybersecurity professionals say that they’re either very satisfied or somewhat satisfied with their jobs today, representing a 4% drop from last year.
“This seems to be due in large part to cutbacks and layoffs, which our study shows significantly impact job satisfaction through overwork and loss of employee trust,” researchers write.
The strongest feeling that keeps at work is a passion for cybersecurity work in general (73%). Many are also satisfied with their team (66%).
Cutbacks and layoffs were the main reasons harming morale.
“68% of those who experienced layoffs said those layoffs significantly hurt team morale, and 62% reported that cybersecurity cutbacks have a negative effect on productivity,” the report reads.