Companies struggling to fill specialized skill positions should not expect market improvements in the near future, at least according to ISC2’s new Cybersecurity Workforce Study. A now years-long trend of a gap persisting in the overall workforce, but most acute in high-demand high-skill positions, has continued in the past year even as companies report having more difficulty than ever handling threat actors.
Cybersecurity workforce strain continues amidst historically bad threat landscape
The cybersecurity workforce does continue to add substantial amounts of newcomers, about 5.5 million globally over the past year. The problem is that demand for new workers was at about 9 million. That trend has persisted for years now, but the gap grew over the past year and has hit certain countries particularly hard.
It is not just a shortage of people, but shortages in budgets that is driving cybersecurity workforce issues. Some organizations are out of the running immediately in terms of attracting high-skill candidates, as almost half of respondents reported layoffs, hiring freezes and budget cuts in the past year. Almost a third expected to see more of these actions in the coming year. And just under half said that they thought their companies were offering competitive pay for cybersecurity positions; lack of promotion possibility is also commonly cited as an issue.
One of the more worrisome numbers in this report is that a little over half of respondents now feel that they are not well-equipped to respond to cyber incidents. 58% say that the central problem is inability to fill key skill positions, and that confidence would be sharply up if this was not such a problem.
Some countries are being hit much harder than others by the skills gap. Latin America in general is struggling the hardest, with Mexico and Brazil reporting the worst hiring issues. Australia, Singapore and the UAE also continue to have some of the biggest gaps.
In total, 92% of organizations say they are having difficulty filling all of their cybersecurity skill positions. Certain needs stand out as common; expert zero trust architecture and cloud security specialists seem to be particularly hard to find right now. 67% of respondents say that these particular skill gaps are their central concern, much more of a problem than general staffing levels.
Issues in cybersecurity workforce unlikely to change in near term
Neither the threat landscape nor the shortage of skilled workers in the cybersecurity workforce are likely to change within at least the next couple of years. There was some hope of increasing stability with the Covid-19 pandemic now fully in the rearview mirror, but that seems to have largely been replaced by the instability in Ukraine and now in Gaza.
There are a number of emerging trends in the threat landscape, not the least of which are large-scale DDoS attacks in connection with these conflicts and a new focus on skilled social engineering by attackers. The report notes that insider threats are also on the rise, as well-funded criminal groups simply approach potentially dissatisfied employees and pay them for access.
One thing that the cybersecurity workforce can tout to potential new recruits is a high likelihood of job satisfaction. In spite of all the recent hardships, 70% of respondents say they are highly satisfied with their jobs.