Gorodenkoff - stock.adobe.com
APAC cyber security workforce hits record high
The cyber security workforce in Asia-Pacific now stands at just under a million people, but demand for cyber security talent in the region continues to outpace supply
The cyber security workforce in the Asia-Pacific (APAC) region grew 11.8% from 2022, reaching a record high of 960,231 people, but the demand for their skills continues to outpace supply.
That was according to ISC2’s latest Cybersecurity workforce study, which noted that 2.6 million professionals in APAC are needed to adequately safeguard digital assets, representing a 23.4% increase from 2022.
Besides the shortage of cyber security talent, the study also revealed the challenges impacting those in the field, including economic uncertainty, artificial intelligence (AI), fragmented regulations and skills gaps. In APAC, the top three skills gaps were AI and machine learning (33%), cloud security (32%), and penetration testing (29%). Economic uncertainty looms large at the same time, with 44% of APAC respondents experiencing cutbacks, including budget cuts, layoffs, and hiring and promotion freezes.
The cutbacks have not only exacerbated the skills shortage, but they have also affected the ability of cyber security teams to counter cyber threats. In APAC, 62% of respondents noted that their response to threats have been inhibited by cutbacks, while 58% have seen an increase in insider risk-related incidents. Nearly four in 10 APAC cyber security professionals believe cutbacks will continue into 2024.
The industry’s talent shortages and cutbacks come amid an increasingly challenging threat landscape. Some 71% of APAC cyber security professionals said the current threat landscape is the most challenging it has been in the past five years. Only 59% believe their organisation has the adequate tools and people to respond to cyber incidents over the next two to three years.
“While we celebrate the progress some APAC markets have made in closing the workforce gap, the reality is that the region as a whole still has much work to do to ensure an adequate supply of cyber security professionals to protect organisations and their critical assets,” said ISC2 CEO Clar Rosso.
“Amid the current threat landscape, which is the most complex and sophisticated it has ever been, the escalating challenges facing cyber security professionals underscore the urgency of our message: organisations must invest in their teams, both in terms of new talent and existing staff, equipping them with the essential skills to navigate the constantly evolving threat landscape. It is the only way to ensure a resilient profession that can strengthen our collective security.”
Read more about cyber security in APAC
- The chairman of Ensign InfoSecurity traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem.
- The president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems.
- Australia is spending more than A$2bn to strengthen cyber resilience, improve digital government services and fuel AI adoption, among other areas, in its latest budget.
- Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades.
To address talent issues, APAC organisations are investing in staff training (68%); supporting certifications (63%); expanding their teams by recruiting, hiring and onboarding new staff (63%); and offering flexible work conditions (59%).
In promoting a more diverse workforce, APAC organisations are also embracing diversity, equity and inclusion (DEI) initiatives, incorporating skills-based hiring, and revising job descriptions to emphasise DEI goals.
Those that have adopted skills-based hiring practices have seen a positive impact, with 65% of APAC hiring managers seeing an increase in job applications from technically skilled individuals without prior cyber security work experience.
However, there’s still work to be done, as women represent only 14% of cyber security professionals under the age of 30 in the region, underscoring the need to continue attracting women to join the cyber security workforce.