New research shows a widening of the global cybersecurity workforce gap to nearly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA).
The 2018 (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) is based on feedback from a sample of professionals responsible for securing their organisations around the world.
It includes IT/ICT staff within organisations ranging from large enterprises to small businesses who may or may not have formal cybersecurity roles but do have hands-on responsibility for securing critical assets every day – spending at least 25% of their time on such activities.
Key insights revealed in the study include:
- Of the 2.93 million overall gap, the Asia-Pacific region is experiencing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region
- North America has the next highest gap number at 498,000, while EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall, respectively
- 63% of respondents report that their organisations have a shortage of IT staff dedicated to cybersecurity. 59% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
- 48% of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months
- 68% of respondents say they are either very or somewhat satisfied in their current job
- Women represent 24% of this broader cybersecurity workforce (compared to 11% from previous studies), while 35% are Millennial or Gen Y (compared to less than 20% from previous studies)
- More than half of all respondents globally (54%) are either pursuing cybersecurity certifications or plan to within the next year
Some of the biggest career progression challenges respondents reported are:
- Unclear career paths for cybersecurity roles (34%)
- Lack of organisational knowledge of cybersecurity skills (32%)
- The cost of education to prepare for a cybersecurity career (28%)
The four areas cybersecurity pros feel they will need to develop most or improve on over the next two years in order to advance in their careers include:
- Cloud computing security
- Penetration testing
- Threat intelligence analysis
- Forensics
“This research is essential to fostering a clearer understanding of who makes up the larger pool of cybersecurity workers and enables us to better tailor our professional development programs for the men and women securing organizations day in and day out,” said (ISC)2 CEO David Shearer, CISSP. “We will share these powerful insights with our partners in government and the private sector to help establish the programs necessary to advance the cybersecurity profession. By broadening our view of the workforce to include those with collateral cybersecurity duties within IT and ICT teams, we discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women.”
Download the full study at www.isc2.org/research.