The global cybersecurity skills shortage has fallen for the second consecutive year, but the size of the workforce is still 65% below what it needs to be, according to the latest figures from (ISC)2.
The non-profit accreditations body’s 2021 (ISC)2 Cybersecurity Workforce Study was compiled from interviews with 4,753 cybersecurity professionals and IT workers who dedicate at least 25% of their time to security tasks.
It revealed the shortfall of skilled workers in the industry had sunk from 3.12 million last year to 2.72 million. That’s down in part to 700,000 new entrants joining the sector since 2020 and lower demand for workers from APAC, where a slower economic recovery impacts small businesses and those in the IT services sector.
However, despite the global workforce growing to nearly 4.2 million, there are several persistent causes for concern.
APAC has the most significant regional workforce gap despite faltering demand, at 1.42 million, while the workforce gap in every other region increased since last year. It’s now around 402,000 in North America and 199,000 in Europe, including 33,000 in the UK.
This can have a real impact on cyber-risk levels in organizations. According to respondents, staff shortages can mean more chance of misconfigured systems, patching delays, process oversights, rushed deployments, sub-par threat detection and response, and less time for proper risk assessments.
A quick look at the areas where industry professionals seek qualifications shows where demand is strongest. Some 40% cited cloud computing security, nearly double most of the other areas of competence.
Fortunately, organizations are taking some steps to alleviate the impact of shortages. These include training (36%), provision of more flexible working (33%) and investing in diversity, equity and inclusion (DEI) initiatives (29%). Others cited the use of cloud service providers (38%), automation of manual tasks (37%) and getting staff involved earlier in third-party relationships (32%).
However, it’s still not enough, according to Clar Rosso, CEO of (ISC)².
“Any increase in the global supply of cybersecurity professionals is encouraging, but let’s be realistic about what we still need and the urgency of the task before us,” she argued.
“The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development and embrace remote work as an opportunity. And perhaps most importantly, organizations must adopt meaningful diversity, equity and inclusion practices to meet employee expectations and close the gap.”
A record 77% of respondents reported they are satisfied or extremely satisfied with their jobs – and well they might be, given that average salaries continue to climb. In the US, the pre-tax figure is $90,900 – up from $83,000 in 2020.