The global cyber security workforce needs to increase by 87% to fill the current shortfall of cyber talent, according to research.
ISC2’s 2024 Cybersecurity workforce study found there are currently around 5.5 million people working in cyber security, and a further 4.8 million are needed to meet the global 10.2 million cyber professionals required to ensure firms are fully secure.
As technology becomes an increasingly important part of work and life, the need for cyber talent has increased. According to ISC2, the cyber security workforce gap has increased by 19% compared with last year, as the number of workers needed and the number of workers available grow further and further apart, a gap which, if left unfilled, could leave organisations vulnerable.
Andy Woolnough, executive vice-president of Corporate Affairs at ISC2, said: “The ISC2 Cybersecurity workforce study highlights a concerning perception among cyber security professionals. After two years of declining investment in hiring and professional development opportunities, organisations are now facing significant skills and staffing shortages – an issue that professionals warn is heightening overall risk.”
While the number of cyber workers globally has remained at around 5.5 million over the past year, there have been fluctuations regionally, with some countries seeing an increase in cyber workers and others seeing a decrease.
The UK was one of the regions where the number of cyber workers declined year-on-year, from 367,300 in 2023 to 349,360 in 2024, a drop of 4.9%.
But workers are not the only thing lacking: cyber security skills are among the most lacking across Europe in particular. Computer Weekly’s own research found 37% of firms claiming that low access to cyber security talent is posing a huge problem.
Shortage of workers
When it comes to global cyber skills gaps, ISC2 found 90% of those asked said there was a skills gap in their firms, with 35% saying their firms have both a shortage of workers and a shortage of skills.
But more than 60% of those asked claimed a lack of skills in their cyber teams is worse than not having enough cyber workers.
Unfortunately, there’s a disparity between the skills that firms are looking for when hiring cyber professionals and the skills those in cyber roles think are the most important to develop, making it more difficult to close the skills gaps present in teams.
For example, the top priority for hiring managers is for candidates to have problem-solving skills, something 31% of managers want but only 28% of cyber professionals think is high on the list of skills that are in demand.
Conversely, the top skill cyber professionals think firms want them to have is communication skills – a belief held by 31% of those working in the sector, despite it being the main attraction for only a quarter of hiring managers.
Many indicated there are gaps in knowledge within the cyber teams in their organisations, the most common being a lack of skills in artificial intelligence (AI) and machine learning (ML), cited by 34% of those asked.
Cloud computing security, zero-trust implementation, digital forensics and incident response, and application security were the others among the top five skills lacking in current cyber teams.
The current economic climate has led many organisations to cut costs, and though the number of cyber professionals has remained the same year-on-year, it’s possible cost concerns are stifling hiring and growth in this area, according to ISC2’s research.
Almost 40% of those asked said this lack of funding was the main reason for the shortage of cyber workers, with a quarter having seen redundancies, an increase of 3% on last year, and 37% saying there have been budget cuts over the past year.
Looking at LinkedIn job postings, ISC2 found that worldwide, the number of jobs posted for cyber security has either declined or stayed the same year-on-year, with only Spain and Mexico showing significant growth in cyber job postings compared with last year, up 5.5% and 6.8% respectively.
Almost 60% of workers say this lack of cyber staff is actually putting their firms at increased risk of cyber incidents, especially with 74% saying the threat landscape is the worst it has been for five years.
“At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever,” said Woolnough. “This will enable cyber security professionals to meet these challenges and keep our critical assets secure.”
Impact on well-being
This shortage of cyber roles is not only posing a risk for businesses: it’s also having an impact on workers’ well-being in the workplace, with job satisfaction among cyber workers down 4% year-on-year, possibly as a result of increased workloads.
Currently, 31% of those asked by ISC2 said there are no entry-level members on their team, and 15% have no people in a junior-level position, indicating a lack of natural progression for those in a cyber career, as well as a possible reason for the difficulties some firms are having finding the talent they need.
Lowering the barriers to hiring could also help increase the numbers of cyber workers, as well as narrow the skills gap by ensuring those hired are given the skills applicable to their job as part of their on-boarding.
ISC2 highlighted three ways companies could address both the lack of cyber workers and the skills gaps the industry is facing: continued skills development for all levels, more transparency around job expectations and the skills most in demand, and bringing new people into the cyber security sector.