The global cybersecurity workforce gap reached a new high with an estimated 4.8 million professionals needed to effectively secure organizations, a 19% year-on-year increase, according to ISC2.
Despite the growing need for professionals, global workforce growth has slowed for the first time since ISC2 began estimating the workforce size six years ago, holding at an estimated 5.5 million people (a 0.1% year-on-year increase). This contrasts with last year, when the workforce grew 8.7% year-on-year despite declining economic conditions.
For the first time, participants cited “lack of budget” as the top cause of their staffing shortages, replacing “lack of qualified talent” as the top cause in all previous years. As organizations continue to face economic instability, the profession is under pressure with increasingly limited resources. While 74% of professionals agree that the 2024 threat landscape is the most challenging it has been in the last five years, budget pressures on the cybersecurity workforce include:
- 37% experiencing budget cuts (+7% from 2023)
- 25% experiencing layoffs in their cybersecurity team (+3% from 2023)
- 38% experiencing hiring freezes (+6% from 2023)
- 32% seeing fewer promotions (+6% from 2023)
Skills gaps put organizations at risk
This year, a record 15,852 cybersecurity practitioners and decision-makers participated in the study. In addition to the workforce gap, 90% of respondents indicated that they face skills shortages at their organizations. 58% of those surveyed believe a shortage of skills puts their organization at significant risk, and 64% say skills gaps present a greater challenge to securing their organizations than staffing shortages. Professionals said the following are the top five skills gaps at their organizations:
- AI (34%)
- Cloud computing security (30%)
- Zero trust implementation (27%)
- Digital forensics and incident response (25%)
- Application security (24%)
“The ISC2 Cybersecurity Workforce Study highlights a concerning perception among cybersecurity professionals. After two years of declining investment in hiring and professional development opportunities, organizations are now facing significant skills and staffing shortages – an issue that professionals warn is heightening overall risk,” said ISC2 EVP of Corporate Affairs Andy Woolnough.
“At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever. This will enable cybersecurity professionals to meet these challenges and keep our critical assets secure,” added Woolnough.
Attracting entry-level talent
31% of participants said their security teams had no entry-level professionals on their teams, and 15% said they had no junior-level (1-3 years of experience) professionals. Moreover, hiring managers – 62% of which currently had open roles on their teams – are focusing on hiring mid to advanced level roles rather than a broad mix of experience and abilities.
This represents a high proportion of organizations that do not have a pipeline of professionals who can develop their foundational skillset in-house to bolster existing teams and instead are relying solely on hiring pre-qualified talent. Providing on-the-job training and professional development opportunities for entry-level talent is essential for developing a skilled cybersecurity workforce for the future, as well as offering advancement opportunities for the existing workforce.
Cybersecurity workplace skills shortage fuels security risks
Job satisfaction among cybersecurity professionals has remained high over the last several years despite prevailing staffing challenges and escalating threats. However, this year – characterized by mounting security challenges, slow job growth and budget constraints – our study found a 66% favorable job satisfaction rate among professionals, down 4% from 2023.
With mounting pressure on cybersecurity teams, declining job satisfaction can lead to professionals leaving the field and increased burnout, further exacerbating the workforce shortage.
This year’s research reveals three areas of action for organizations to address the global shortage of cybersecurity jobs growth, to encourage new individuals into the profession and to address the skills gap. This includes addressing job creation and hiring priorities, prioritizing in-house professional development and setting realistic and clear job role expectations.
A shortage of people and cybersecurity skills in the workplace creates risk and vulnerability within organizations. An inability to fully fill roles and secure the skills needed creates increased workloads that might leave organizations vulnerable both security-wise and financially.
Fill out the form to get your guide: