The good news is that the cybersecurity workforce now has more active working professionals than it ever has before; the bad news (at least for organizations looking to hire) is that demand is also growing and continuing to significantly outpace the supply as the workforce gap continues to hold.
According to the most recent (ISC)² Cybersecurity Workforce Study, the cybersecurity workforce has grown to about 4.7 million strong worldwide. But a workforce gap of 3.4 million remains in spite of good recent growth, and the answer to filling it in the near term is still not clear.
Cybersecurity workforce facing continued near-term shortages
Many companies are struggling to attract and retain a full staff of qualified security professionals, a situation that can lead to giant backlogs and failure to address serious vulnerabilities. But the numbers indicate that manpower support is not arriving any time soon, putting automation and alternative strategies at the forefront in the near term.
While survey respondents are happy with an increase in workforce supply, they continue to report serious problems with turnover due to inability to make the best offer on the market. A little over 1 in 5 also expressed concern about leadership’s ability to effectively distribute security professionals throughout company departments.
The companies that are managing to retain their cybersecurity workforce are generally large (at least 1,000 employees) and are offering a spectrum of benefits: employees appear to be responding best to remote work and internal training and career advancement opportunities. A positive company culture also appears to be a major factor. Employees that have left a position in the last two years do say that pay and benefits were the leading factor, but they are closely followed by a feeling that company culture was unhealthy and that they had a poor work/life balance.
For the companies having more issues with the cybersecurity workforce, 83% say that they are addressing the workforce gap through some sort of automation measures. The communication between IT decision-makers and the HR department also appears to frequently be problematic and in need of shoring up, with a little over half of respondents saying that the two do not have a strong working relationship.
Workforce gap still nearly as big as number of active working professionals
The cybersecurity workforce experienced solid growth of 11% in the past year, but that number is not keeping pace with a 26.2% overall increase in demand. Most of the world has a substantial imbalance of this nature, but the size of the workforce gap does vary somewhat by nation. For example, India’s growth in demand was a whopping 630% in just one year, while the Netherlands saw its available workforce expand by 64.3%. North America remained fairly stagnant at under 10% increases for both growth and demand.
The workforce gap also varies substantially by industry. More heavily regulated sectors seem to have a tendency to struggle more with their cybersecurity workforce: shortfalls were largest among government agencies and the aerospace industry. But the education sector was also among the leaders, possibly because of struggles to offer competitive pay and working conditions.
This year’s Cybersecurity Workforce Study was conducted with a global respondent base and included the feedback of over 11,700 cybersecurity employees and hiring managers.