The cybersecurity workforce shortage has risen to a record high of just under 4 million despite the cybersecurity workforce growing by almost 10% in the last year. That’s according to the latest Cybersecurity Workforce Study from ISC2, the nonprofit member organization for cybersecurity professionals. The gap between the number of workers needed and the number available has risen 12.6% year over year, with cutbacks, economic uncertainty, artificial intelligence (AI), and a challenging threat landscape as key driving forces, the research found. The current global workforce gap is estimated to be 3,999,964 while the workforce itself is estimated to be 5,452,732, according to ISC2. Meanwhile, organizations are investing in strategies to prevent or mitigate the staffing issues they face.
Two-thirds of organizations lack staff needed to prevent, troubleshoot security issues
Two-thirds (67%) of the 14,865 cybersecurity professionals surveyed reported that their organization has a shortage of cybersecurity staff needed to prevent and troubleshoot security issues. Cost-saving cutbacks such as budget cuts, layoffs, and hiring/promotions freezes are playing a fundamental role, the report found.
Overall, 47% of cybersecurity workers have experienced cybersecurity-related cutbacks, with 22% of this group having been impacted by layoffs within cybersecurity. An additional 28% have had layoffs elsewhere in their organizations, which can significantly affect the cybersecurity workforce. Nearly half of respondents stated that cutbacks have affected their security team disproportionately in comparison to the rest of their organization, with 71% having experienced a negative impact on their workload and 57% seeing their ability to respond to cybersecurity threats impacted as a result.
The entertainment (33%), construction (31%), and automotive (29%) sectors have been hit particularly hard by layoffs in cybersecurity. The military/military contractor (8%), government (9%), and education (13%) sectors have been the least affected. Geographically, Latin America (Brazil and Mexico) has seen the greatest layoffs, followed by Nigeria and United Arab Emirates. Countries with the fewest layoffs are Hong Kong, the US, and Saudi Arabia.
Cybersecurity skills gaps just as challenging as shortages
Staffing shortages aren’t the only way that organizations are lacking in their cybersecurity workforce, with a clear and critical need to fill skills gaps in the cybersecurity profession also problematic, ISC2 found. A skills gap is an area in which cybersecurity teams lack workers with proficiency or expertise in particular skills that are necessary to function effectively.
More than half (59%) of cybersecurity workers said that skills gaps can be worse than total worker shortages, while 92% reported skills gaps at their organization, the most common being cloud computing security, AI/ML, and zero-trust implementation. Almost half (43%) cited one or more significant or critical skills gap within their company. An inability to find people with the right skills (44%), struggling to keep people with in-demand skills (42%), and lacking the budget to hire people (41%) are the biggest causes for these skills gaps, according to the report.