Cyber workforce must almost double to meet global talent need

Shortage of workers

When it comes to global cyber skills gaps, ISC2 found 90% of those asked said there was a skills gap in their firms, with 35% saying their firms have both a shortage of workers and a shortage of skills.

But more than 60% of those asked claimed a lack of skills in their cyber teams is worse than not having enough cyber workers.

Unfortunately, there’s a disparity between the skills that firms are looking for when hiring cyber professionals, and the skills those in cyber roles think are the most important to develop, making it more difficult to close these skills gaps present in teams.

For example, the top priority for hiring managers is for candidates to have problem-solving skills, something 31% of managers want but only 28% of cyber professionals think is high on the list of skills that are in demand.

On the reverse, the top skill cyber professionals think firms want them to have is communication skills – a belief held by 31% of those working in the sector despite it only being the main attraction for a quarter of hiring managers.

Many indicated there are gaps in knowledge within the cyber teams in their organisations, the most prolific being a lack of skills in artificial intelligence (AI) and machine learning (ML), cited by 34% of those asked.

Cloud computing security, zero-trust implementation, digital forensics and incident response, and applications security were the others among the top five skills lacking in current cyber teams.

The current economic climate has led many organisations to cut costs, and though the number of cyber professionals has remained the same year-on-year, it’s possible cost concerns are stifling hiring and growth in this area, according to ISC2’s research.

Almost 40% of those asked said this lack of funding was the main reason for the shortage of cyber workers, with a quarter having seen redundancies, an increase of 3% on last year, and 37% have said there have been budget cuts over the past year.

Looking at LinkedIn job postings, ISC2 found that worldwide, the number of jobs posted for cyber security have either declined or stayed the same year-on-year, with only Spain and Mexico showing a significant growth in cyber job postings compared with last year, up 5.5% and 6.8% respectively.

Almost 60% of workers say this lack of cyber staff is actually putting their firms at increased risk of cyber incidents, especially with 74% saying the threat landscape is the worst it has been for five years.

“At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever,” said Woolnough. “This will enable cyber security professionals to meet these challenges and keep our critical assets secure.”

Impact on well-being

This shortage of cyber roles is not only posing a risk for businesses: it’s also having an impact on workers’ well-being in the workplace, with job satisfaction among cyber workers down 4% year-on-year, possibly as a result of increased workloads.

Currently, 31% of those asked by ISC2 said there are no entry-level members on their team, and 15% have no people in a junior-level position, indicating a lack of natural progression for those in a cyber career, as well as the possible reason for the difficulties some firms are having finding the talent they need.

Lowering the barriers to hiring could also help increase the numbers of cyber workers, as well as narrow the skills gap by ensuring those hired are given the skills applicable to their job as part of their on-boarding.

ISC2 highlighted three ways companies could include both the lack of cyber workers and the skills gaps the industry is facing, including continued skills development for all levels, more transparency around job expectations and the skills most in demand, and bringing new people into the cyber security sector.