The cybersecurity workforce shortage has reached a new high, with nearly 4 million positions left unfilled despite a 10% growth in the cybersecurity workforce in the past year. This information comes from the latest Cybersecurity Workforce Study conducted by ISC2, a nonprofit organization for cybersecurity professionals. The research reveals that the gap between the demand for cybersecurity workers and the available talent has increased by 12.6% year over year. Factors contributing to this shortage include cost-saving measures, economic uncertainty, the introduction of artificial intelligence (AI), and an ever-evolving threat landscape.
According to ISC2, the current global workforce gap stands at 3,999,964, while the total number of cybersecurity professionals worldwide is estimated to be 5,452,732. The study also highlights that around two-thirds (67%) of the 14,865 cybersecurity professionals surveyed reported a shortage of staff within their organizations. This shortage directly impacts their ability to prevent and troubleshoot security issues. Budget cuts, layoffs, and freezes on hiring and promotions are among the cost-saving measures that have exacerbated the shortage.
The report reveals that 47% of cybersecurity workers have experienced cutbacks, with 22% having been affected by layoffs specifically within their cybersecurity teams. Additionally, 28% have experienced layoffs in other areas of their organizations, which in turn has a significant impact on the overall cybersecurity workforce. Nearly half of the respondents noted that the cutbacks have disproportionately affected their security teams compared to the rest of their organizations. Consequently, 71% of respondents reported increased workloads, while 57% claimed that their ability to respond to cybersecurity threats has been negatively impacted.
Certain sectors have been hit harder by cybersecurity-related layoffs than others. The entertainment, construction, and automotive industries have suffered the most, with 33%, 31%, and 29% of professionals in those fields respectively experiencing layoffs. On the other hand, the military/military contractor, government, and education sectors have been the least affected, with only 8%, 9%, and 13% of professionals in those fields facing layoffs. Geographically, Latin American countries such as Brazil, Mexico, and Nigeria have seen the highest number of layoffs in the cybersecurity field, while Hong Kong, the United States, and Saudi Arabia have experienced relatively fewer cutbacks.
In addition to the shortage of cybersecurity workers, the report highlights the existence of significant skills gaps within the cybersecurity profession. A skills gap refers to the lack of workers with the necessary proficiency or expertise in specific skills required for effective cybersecurity operations. More than half (59%) of the respondents stated that skills gaps can be even more challenging than overall worker shortages. An overwhelming 92% reported skills gaps within their organizations, with the most common gaps relating to cloud computing security, AI/machine learning (ML), and the implementation of zero-trust principles. Furthermore, 43% of respondents cited one or more significant or critical skills gaps within their companies.
The report also addresses the reasons behind these skills gaps. The inability to find individuals with the right skills, difficulties in retaining employees with in-demand skills, and budget constraints preventing organizations from hiring skilled professionals were identified as the main causes. These factors highlight the need for organizations to invest in training and development programs, as well as competitive compensation and benefits packages to attract and retain talented cybersecurity professionals.
In conclusion, the cybersecurity workforce shortage has reached an all-time high, with nearly 4 million positions left unfilled globally. The shortage, along with skills gaps in the cybersecurity profession, poses significant challenges for organizations worldwide. To address these issues, organizations must invest in strategies to recruit, train, and retain cybersecurity professionals, and limit the impact of cost-saving measures on their security teams.

