The global cyber workforce gap continued to scale new heights in 2023. In October, ISC2 reported that the gap had reached a record four million people and ISACA research found that 62% of cybersecurity teams were understaffed.
This is despite a significant increase in cybersecurity professionals in 2023, with the global workforce reaching 5.5 million, according to ISC2 figures.
With ransomware attacks reaching record levels in 2023, the cyber-threat landscape has put more demand on the cybersecurity community than ever before.
Tara Wisniewski, EVP, Advocacy, Global Markets and Member Engagement at ISC2, told Infosecurity: “The threat landscape is tougher than it’s ever been. We found that 75% of cyber professionals are finding the current threat landscape to be the most challenging it’s been in the past five years. That’s inevitably going to increase the need for skilled cybersecurity professionals.”
Lay-Offs and Budget Cuts
Wisniewski cited findings from ISC2’s 2023 Cyber Workforce Study, which showed that lay-offs, budget cuts and hiring and promotion freezes had impacted cybersecurity teams this year amid the global economic downturn.
Jon Brandt, Director of Professional Practices and Innovation at ISACA, agreed that the economic environment is having a big impact on the ability of companies to hire for cybersecurity jobs. While many organizations say they have open positions, in reality they are not hiring for them.
“The number of true entry-level jobs has been insufficient for what is necessary for the countless individuals who have completed university, re-skilling and/or upskilling programs,” he told Infosecurity.
Cybersecurity vendors themselves have not been immune to lay-offs, with Rapid7 cutting 18% of its staff and Splunk making 7% of its staff redundant this year.
Will the Skills Gap Increase in 2024?
Overall, the picture looks bleak for the coming year, with the cyber workforce gap likely to widen in 2024.
Wisniewski noted that demand for cyber professionals will rise in the foreseeable future regardless of the economic situation, given the reliance on digital technology.
She said that security cutbacks are not only hindering the growth of the cyber workforce, but are having ripple effects that cause burnout, low morale and damage productivity. This increases the chances of seasoned professionals changing jobs or even leaving the industry altogether.
Lisa Ventura, Founder, Cyber Security Unity, said that security tends to be one of first budgets that businesses cut in times of financial difficulty.
“I think the cyber skills gap will continue to widen next year, especially with so many cyber and tech organizations making redundancies as the global economic downturn continues to bite,” she explained to Infosecurity.
“We haven’t seen any major evidence of AI replacing cybersecurity jobs"
Economic uncertainty, combined with fast evolving tactics by threat actors and the introduction of new cybersecurity regulations is a recipe for a much greater need for workers, according to Larry Whiteside Jr., Co-Founder and President, Cyversity and CISO, RegScale.
“Regrettably, I anticipate the skills gap to expand further in 2024,” he told Infosecurity.
AI is often viewed as a chance to reduce the cyber skills crisis by enabling more tasks to be automated. However, in the short term it could exacerbate the problem as many organizations currently lack expertise in AI to use these tools effectively.
“Generative AI has the possibility to help security operations, but like any other technology, it requires practitioners understand it at the appropriate level for their responsibility,” said Brandt.
Wisniewski added: “We haven’t seen any major evidence of AI replacing cybersecurity jobs – in fact, we anticipate seeing an increased need for hiring professionals who are skilled in AI/ML.”
Hope on the Horizon?
Despite the current workforce landscape, there is significant action being taken to address this issue across the public and private sectors.
In July 2023, the White House launched its National Cyber Workforce and Education Strategy (NCWES). In addition to transforming cyber education, the strategy aims to expand and enhance the national cyber workforce, such as encouraging the adoption of a skills-based approach to recruitment, and increasing job opportunities in the sector for underrepresented groups.
“This initiative provides a solid foundation for corporations to align their hiring practices with broader inclusivity goals,” commented Whiteside.
New opportunities have also provided by the private and not-for-profit sectors to allow people to quickly develop cyber skills and make themselves ready for a job in the industry.
“Notably, both Google and ISC2 have invested significantly in creating accessible training resources, providing a broad audience with fundamental skills essential for entering the cybersecurity field,” observed Whiteside.
Similarly, Ventura highlighted several new initiatives in the UK, which aim to make cybersecurity careers more accessible. This includes work being undertaken by the UK Cyber Security Council to professionalize the industry, creating clear pathways and qualifications, and opportunities to rapidly reskill people through programs like Capslock’s bootcamps.
Boosting opportunities and pathways into the sector is a key component of the UK government’s National Cyber Strategy.
How to Tackle the Skills Gap in 2024
Looking ahead, Wisniewski urged organizations to prioritize budgets and investments security across the entire workforce.
“Ongoing education and training can help shrink skills gaps, with 58% of cybersecurity professionals agreeing this is the way forward to mitigate the negative impact of worker shortages,” she outlined.
Additionally, it is important to expand ideas of what defines a high-quality candidate for positions in cyber to boost both numbers and diversity in the sector. Whiteside believes that for this to happen, security leaders must play a greater role in shaping the requirements, job descriptions, and expectations related to the recruitment of individuals for open cybersecurity roles within their organizations.
“Without a more proactive involvement from cyber leaders, we may fall short of achieving the diversity needed to bring about meaningful change and enhance the field's value in addressing the daily cyber threats organizations encounter,” he explained.
The growing availability of advanced technologies such as AI means that organizations must place an even greater premium on soft skills in their security teams, according to Brandt.
The skills gap is not a challenge that the private sector can tackle alone. While growing government intervention in this area is a step in the right direction, there needs to more improvement in collaboration between the public and private sector to ensure such initiatives are executed effectively.
Wisniewski noted: “Governments and industry need to make tangible steps towards building a skilled workforce, providing the right tools and resources and most importantly, listening to the challenges the profession is facing. Doing so is vital to building a robust cybersecurity workforce.”