Cyber workforce size stalls despite skills shortages

New research from ISC2 shows that growth of the global cyber workforce has stalled at 5.5 million, but an estimated 10.2 million professionals are needed to effectively secure organizations.

This 4.8 million gap represents a 19 percent year-on-year increase. The survey of almost 16,000 cybersecurity practitioners and decision-makers globally shows that for the first time, participants cite 'lack of budget' as the top cause of their staffing shortages.

While 74 percent of professionals agree that the 2024 threat landscape is the most challenging it has been in the last five years, budget pressures on the cybersecurity workforce include 37 percent experiencing budget cuts (up seven percent from 2023). 25 percent are experiencing layoffs in their cybersecurity team (up three percent), 38 percent are experiencing hiring freezes (up six percent) and 32 percent are seeing fewer promotions (up six percent).

In addition to the workforce gap, 90 percent of respondents say that they face skills shortages at their organizations. More than half of those surveyed (58 percent) believe a shortage of skills puts their organization at significant risk, and 64 percent say skills gaps present a greater challenge to securing their organizations than staffing shortages.

"The ISC2 Cybersecurity Workforce Study highlights a concerning perception among cybersecurity professionals. After two years of declining investment in hiring and professional development opportunities, organizations are now facing significant skills and staffing shortages -- an issue that professionals warn is heightening overall risk," says ISC2 executive vice president of corporate affairs Andy Woolnough. "At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever. This will enable cybersecurity professionals to meet these challenges and keep our critical assets secure."

Lack of new talent is an issue too, 31 percent of participants say their security teams had no entry-level professionals, and 15 percent say they had no junior-level (one to three years of experience) professionals. Moreover, hiring managers -- 62 percent of whom currently had open roles on their teams -- are focusing on hiring mid to advanced level roles rather than a broad mix of experience and abilities

You can read more ahead of the publication of the full study next month on the ISC2 site.

Image Credit: Paradee Paradee/Dreamstime.com