Gernot Krautberger - stock.adobe

Global security workforce must more than double to meet demand

There are about 2.8 million cyber security professionals working today, and the world needs four million more

Such is the extent of the cyber security skills shortfall that the global workforce needs to more than double in size to make up the numbers, according to new research by cyber security professional association (ISC)².

In the latest annual edition of its Cyber security workforce study, (ISC)² calculated the current global cyber security workforce for the first time, putting the figure at 2.8 million professionals, but revealed that 4.07 million more were needed to close the skills gap. In the UK, it found about 289,000 security pros, compared with 121,000 in France and 133,000 in Germany, and across Europe, the Middle East and Africa (EMEA), identified a shortage of 291,000.

The data was compiled from an online survey of 3,237 self-selecting respondents with responsibility for cyber security, drawn from North America, Europe, Latin America and Asia-Pacific.

“We have been evolving our research approach for 15 years to get to this point today, where we can confidently estimate the current workforce and better understand what it will take as an industry to add enough professionals to protect our critical assets,” said Wesley Simpson, chief operating officer at (ISC)².

“Perhaps more importantly, the study provides actionable insights and strategies for building and growing strong cyber security teams. Knowing where we stand and the delta that needs to be filled is a powerful step along the pathway to overcoming our industry’s staffing challenges.”

The 2019 study revealed that 65% of businesses reported a shortage of security staff, and a lack of skilled or appropriately experienced people was cited as a top concern for 36% of respondents. Close to half said their cyber training budgets would grow in the next 12 months, and 59% said they were actively pursuing a new certification or had plans to do so.

Read more about security skills

  • The cyber skills shortage is leaving businesses at increased risk of attack as organisations continue to struggle to fill security-related positions, a survey shows.
  • A lack of skills, visibility and clarity on which business function is responsible for securing operational technology are the biggest challenges to managing the risk, a study shows.
  • With the increasing need for cyber security professionals, organisations are turning to new ways to address the skills gap facing the security sector.

(ISC)² laid out a number of recommendations for strategies to help bulk up the cyber security workforce. These include: highlighting training and development opportunities that could contribute to career advancement; taking measures to cast wider nets when seeking new talent, such as better level-setting on applicant qualifications; exploring new sources of recruitment, such as recent graduates with STEM [science, technology, engineering and maths] backgrounds whose qualifications do not directly pertain to security; and developing and training other members of IT teams into cyber security roles.

“While the global cyber security workforce gap is daunting, with real-world implications for organisations, it is not insurmountable,” said the report’s authors.

“By estimating the global cyber security workforce, we know that it needs to grow by 145%. That is a number that organisations can get their arms around. By recruiting talented men and women into the field, attracting experts from outside the organisation and helping to train and develop existing team members, organisations can improve their security stance and help close the gap in their corner of the world.”

Read more on IT risk management