Cybersecurity workforce reaches record highs but skills gap grows too

The cybersecurity workforce grew in 2023 to a record high of 5.5 million people, but the demand for skills is still outpacing growth.

A new guide from the UK's Chartered Institute of Information Security (CIISec) and ISC2 shows that globally, the cyber skills gap grew by 12.6 percent last year, with four million additional workers needed to fill the void, making recruitment more important than ever.

The guide offers advice to organizations ranging from how to identify and support new recruits, to retaining skilled employees -- all from a broad array of backgrounds. Recommendations include looking beyond traditional job portals, perhaps seeking young talent directly on social media, tech communities or even in gaming arcades.

Hire should look at transferable and non-technical skills, for example a finance professional’s risk management capabilities would be invaluable to the cybersecurity industry. Continuous training and mentoring can ensure new hires and existing staff are kept up to date with the latest trends, tools, and best practices of the fast-moving security industry.

"Despite more people working in the cybersecurity industry than ever before, we're not doing enough to retain them," says Amanda Finch, CEO of CIISec. "The industry desperately needs guidance on how to improve hiring practices or we'll lose out to other sectors, which we can't afford. But retaining talent is just as important as attracting it, and organizations have to do more to support staff at all levels, equipping them to succeed."

CIISec data shows that just 14 percent of cybersecurity professionals have a fully defined career path, so it’s vital to give employees the right support to succeed.

It's also important to pay the right salary, as new graduates often cycle through roles early in their careers to maximise earnings. Organizations must incentivize talent to stay by paying the going rate.

"The cybersecurity industry needs to recognise the need for greater diversity in teams urgently," says Clar Rosso, CEO at ISC2. "We must shift our mentality and understand that the right people do not need to come from a traditional cyber background. By welcoming inclusivity and removing barriers to the profession, the cybersecurity industry will find new ways to solve challenges, and have a larger pool of talent to hire from."

You can download the guide from the ISC2 site.

Image credit: Africa Studio/Shutterstock