The World Needs Twice as Many Cybersecurity Pros, Report Says
In the U.S., an industry nonprofit found that two of every five cybersecurity jobs is going unfilled.
Demand for cyber expertise is skyrocketing across the U.S. as more organizations start prioritizing their digital security, but today there are only enough cybersecurity pros to fill about 60 percent of those jobs, according to a recent survey.
And if you look beyond the U.S., the talent gap is even more stark.
Today, there are about 2.8 million cybersecurity professionals around the world, but that workforce would need to grow by roughly 145% to meet the global demand for digital security expertise, according to a report from cybersecurity nonprofit (ISC)2. In other words, that means there are nearly five cybersecurity jobs available for every two people who work in the industry today.
Researchers found the global shortage of cyber professionals grew nearly 40 percent over the past year, rising from 2.93 million vacant positions in 2018 to 4.07 million in 2019. According to the report, the talent gap isn’t distributed evenly around the globe. About 560,000 cybersecurity positions sit vacant across North America—about 90% of which are in the U.S.—but in Asia, the number of unfilled positions exceeds 2.6 million.
Security professionals listed the lack of cyber expertise as the number one issue facing the field today, researchers found. And as cyberattacks grow more frequent and sophisticated, the demand for digital defenders will only continue to increase.
In the survey, about two-thirds of organizations reported a shortage of cybersecurity personnel, and about half said they planned to increase their security training budgets next year to draw more people into the field.
The report is based on a survey of some 3,237 cybersecurity professionals across North America, Latin America, Europe and Asia, more than double the participants in last year’s (ISC)2 cyber workforce report. Researchers gave their global workforce figures a 1.7% margin of error.
In the report, (ISC)2 proposed a handful of strategies for organizations to fill their vacant cyber positions, such as retraining existing technical personnel for security roles, increasing investment in recruitment efforts and looking beyondtraditional qualifications when hiring new employees.
“While the global cybersecurity workforce gap is daunting, with real-world implications for organizations, it is not insurmountable,” researchers wrote. “By recruiting talented men and women into the field, attracting experts from outside the organization, and helping to train and develop existing team members, organizations can improve their security stance and help close the gap in their corner of the world.”
While virtually every sector faces a shortage of cyber talent, the government is particularly strapped for digital expertise. Salary caps and rigid career paths have historically made it difficult for the government to attract technical talent, and as the competition for cyber pros grows more intense, agencies are struggling to compete for the limited pool of experts.
Over the past year, the Trump administration kicked off a reskilling initiative meant to train feds for security roles and lawmakers have introduced numerousmeasures to bolster the federal cyber workforce. The Homeland Security Department, which oversees many of the government’s cyber operations, is redesigning its hiring process to make it easier to recruit and retain digital security experts.