Isc2 Blog

Cyber security skills gap reaches all-time high

(ISC)² have written about the cyber security workforce and skills gap - both top concerns for the industry. As one of Firebrand's most valued clients, we've published it also. Check it out.

In recent years, the cyber security job market has successively broken its own records for growth. In 2019 it has again outdone itself with an estimated four million unfulfilled jobs. In this post, guest author Chris Green shares the highlights of (ISC)²'s 2019 cyber security workforce research.

To say that the need for cyber security skills in organisations globally remains robust is an understatement.
Demand has exceeded supply for many years, but we have reached a new high in terms of the global skills gap and the deficit of recognised and current cyber security skills to address key roles and functions.

The annual (ISC)² Cyber security Workforce Study for 2019 has just been released, shining a spotlight on some significant findings about the state of the industry, the shortage of skilled professionals and, for the first time, charting the size of the current active workforce across key markets.

The Size of the Workforce 

In total, the cyber security industry in the UK, US and nine other major global economies currently employs 2.8 million professionals. This makes for a significant industrial group, yet it continues to fall short of fulfilling the complete cyber security skills and personnel needs of the public and private sectors combined. 
To do this would require another four million professionals to fully close the gap. It is a supply and demand problem the industry continues to struggle with.

Looking at the size of the workforce in major European markets, we see that the UK has 289,000 cyber security professionals, alongside 133,000 in Germany and 121,000 in France. 
We have concluded from the findings that US organisations currently employ 804,700 cyber security professionals, and it would take a 62% increase there to fill the current shortage of 498,480 workers.

The gap in Asia Pacific is 2.6 million and 291,000 in Europe.

Blog Image 1

Mind the Gap

Finding another four million skilled professionals, or rather, increasing the active and qualified cyber security workforce by 145%, is no trivial exercise, especially in the key markets examined for this study.

In total, we looked across the US, UK, Canada, Germany, France, Australia, Singapore, Brazil, Mexico, Japan and South Korea for this study, arguably the most significant economies for cyber security with the exception of China and India. 
China and India were not specifically part of this study due to the limited information available about the size of the business sector in both markets. Nonetheless, both economies have experienced substantial economic growth fuelled by digital transformation and technology, adding to the growing need for cyber security skills. 
In all cases, the shortage makes it more difficult for organisations to address cybercrime, maintain systems and combat emerging threats.

Top Concerns

The cyber security skills gap is growing, by roughly 33% from nearly three million in 2018. A surge in hiring amid the digital transformation of more organisations has put further pressure on the supply and demand situation.

Understandably, there is considerable urgency needed here, and the growing gap is as a result of genuine need rather than hedging.

The bolstering of cyber security teams is taking place in the face of data breaches, cyber-attacks and even greater regulatory scrutiny – all real-world issues for business and public sector bodies alike. Cyber security risks and challenges remain a top business concern for CEOs globally.

The 2019 Workforce Study found that two thirds (65%) of firms are grappling with a shortage of cyber security staff.

The shortage of qualified professionals is the primary concern for over a third (36%) of survey respondents, who expressed concern that the skills shortfall was a bigger issue than a lack of resources to do their jobs, cited by just around 27% and a similar number who pointed to a shortage of budget (24%).

Overall, the skills shortage creates moderate or extreme enterprise risk, according to more than half (51%) of the sample.

Blog Image 2

Strategies for Change

As a result of the findings, the study lays out four strategies for consideration to tackle the cyber security skills gap:

  • Address cyber security team members’ needs with training and career development opportunities
  • Properly set internal expectations about applicant qualifications to widen the search for candidates as much as possible
  • Target recent college and university graduates, along with workers with degrees relevant to cyber security
  • Grow your cyber security team from within with further development and cross-training opportunities

All of these strategies are based on two core concepts – set reasonable expectations and be open-minded about who qualifies for cyber security positions.

In many cases, companies have asked too much of current and potential employees, or have searched too narrowly, which has obstructed the building of their cyber teams.

About the Study

The survey sample included a range of cyber security roles, including CISO, IT director, security analyst, security administrator and compliance officer. The study polled 3,237 individuals responsible for security/cyber security, more than double the number in the 2018 study (1,452).