In the ever-evolving landscape of cybersecurity, professionals find themselves at the frontline of a perfect storm. Economic uncertainty, emerging technologies, regulatory fragmentation, and widening skills gaps converge, posing unprecedented challenges to those tasked with safeguarding global institutions. As the fallout from the COVID-19 pandemic lingers, the study reveals a workforce grappling with layoffs, budget cuts, and a looming decrease in hiring, amplifying the strain on job satisfaction. Amidst this turbulence, the specter of cyber warfare emerges, and the advent of artificial intelligence introduces both optimism and caution. In this blog post, we delve into the pressing issues faced by cybersecurity professionals, exploring the intricate interplay of factors that demand increased support and investment from leaders across sectors that were detailed in the ISC2 Cybersecurity Workforce Study.
Key findings from the report include:
THE CYBERSECURITY WORKFORCE AND GAP HAVE BOTH GROWN. In the past year, the cybersecurity workforce has grown by 8.7%. In addition, the gap between the number of workers needed and the number available has also continued to grow, with a 12.6% increase year over year.
CYBERSECURITY HAS NOT BEEN IMMUNE TO CUTBACKS. 47% of cybersecurity professionals have dealt with cutbacks to their teams in the form of layoffs, budget cuts and hiring or promotion freezes. 22% have experienced layoffs, and 31% expect additional cutbacks in the next year.
STAFFING SHORTAGES AND SKILLS GAPS ARE CONSISTENT CHALLENGES. 67% of respondents reported that their organization has a shortage of cybersecurity staff needed to prevent and troubleshoot security issues. And 92% report having skills gaps in their organization — the most common being cloud computing security, AI/ML and Zero Trust implementation. We will examine these skills gaps in depth this year as 67% of those whose organizations had both shortages in total staff and skills gaps say that skills gaps are often worse.
ONGOING EDUCATION AND TRAINING HELP SHRINK SKILLS GAPS. 58% of cybersecurity professionals said that the negative impact of worker shortages can be mitigated by filling key skills gaps. We found that those who continue their training, education and certification reimbursement programs were far better prepared to weather times of economic uncertainty. Organizations with layoffs who kept these programs, were less likely to experience significant organizational skills gaps in cybersecurity.
CYBERSECURITY PROFESSIONALS FACE AN UNPRECEDENTED THREAT LANDSCAPE. 75% of cybersecurity professionals view the current threat landscape as the most challenging it has been in the past five years, and only 52% believe that their organization has the tools and people needed to respond to cyber incidents over the next two to three years. Those with shortages and skills gaps are far more worried about being able to keep their organizations secure.
TIMES OF ECONOMIC UNCERTAINTY POSE SIGNIFICANT THREATS TO CYBERSECURITY. 71% of respondents agree that periods of economic uncertainty increase the risk of malicious insiders. Our study found that 39% of cybersecurity professionals have been approached or know someone who has been approached by a malicious actor. Those at companies that have had layoffs in cybersecurity are three times more likely to have been approached to act as a malicious insider.
JOB SATISFACTION TOOK A SLIGHT DIP BUT REMAINS HIGH. 70% of cybersecurity professionals say they are satisfied with their jobs today, which represents a 4% drop from last year. This seems to be due in large part to cutbacks and layoffs, which our study shows significantly impact job satisfaction through overwork and loss of employee trust.
PATHWAYS INTO CYBERSECURITY ARE SHIFTING. We saw a significant shift in who is entering the cybersecurity profession and how they are doing it. Our study found that new workers are significantly more likely to have received a bachelor’s degree in cybersecurity before entering the field and are also more likely to previously have worked in a non-IT role. They are less likely to have worked in IT before entering. We also found that there are significantly more people entering cybersecurity later in their career and that the gender and ethnic breakdowns of the new workforce have undergone a considerable shift.
ORGANIZATIONS NEED PROFESSIONALS WITH CLOUD COMPUTING SKILLS, BUT THEY ARE HARD TO FIND. Our study found that cloud computing security is the skill that hiring managers most look for when hiring. However, it is also the most common area where respondents cited their organization having a skills gap.
AI/ML IS BECOMING INCREASINGLY CRITICAL. This year, for the first time, AI/ML skills were among the top five in terms of demand, representing a significant jump since last year when they were near the bottom of the list.
CYBERSECURITY PROFESSIONALS VALUE EXPERIENCE OVER FORMAL EDUCATION. We asked cybersecurity professionals to compare qualifications to understand what they value most in potential candidates and found that they value experience over education. Professionals favor senior-level experience over doctorate degrees (86% vs. 14%) and entry-level cybersecurity experience over cybersecurity bachelor’s degrees (70% vs. 30%).
According to their report, ISC2 estimates the global cybersecurity workforce at 5.5 million, representing an 8.7% increase year over year and nearly 440,000 new jobs. All regions saw growth this year, but these gains are particularly high in our two new Middle East countries, Asia-Pacific and North America. Japan in particular is growing at a rapid rate — 24% year over year. Latin America, after years of substantial growth, is starting to balance out, with Brazil decreasing from an 18.3% growth rate in 2022 to 8.9% this year, and Mexico dropping slightly year over year (ISC2, 2023).
To read more of the details of the report, you can find the full study here.