Cyber security is in a worrying state. The global workforce of cyber security professionals stands at 5.5 million people, but with ever-increasing demand for their services, the number of professionals needed to effectively secure every organisation has grown to over 10m for the first time.
The ISC2 Cyber security Workforce Study is an annual report on the state of the industry, and for the first time the rate of growth in the industry has fallen year-on-year, to just 0.1% growth rate in the number of professionals in the industry. The workforce gap (the difference between the number of people in the industry, and the number of professionals needed to effectively secure every organisation) has grown to an estimated 4.8 million.
Organisations of all types are struggling financially, as for the first time, participants cited “lack of budget” as the top cause of their staffing shortages, replacing “lack of qualified talent” as the top cause in all previous years. As businesses look to cut costs, many have placed cyber security spending on the chopping block. However, this lack of growth and shortage of workers leaves us all vulnerable.
74% of participants agreed that the 2024 threat landscape is the most challenging it has been in the last five years, and more than half of them said that a shortage of skilled staff is putting their organisation at risk.
The Future of Cyber Security Is At Risk
The stalled industry is not just a challenge facing organisations today, some findings in the study suggest this is a problem that will continue to roll on. Getting into cyber security is becoming more difficult, as budgets are squeezed and managers are forced to prioritise experience over potential. According to ISC2: “Nearly one-third (31%) of participants said their security teams had no entry-level professionals on their teams, and 15% said they had no junior-level (1-3 years of experience) professionals. Hiring managers – 62% of which currently had open roles on their teams – are focusing on hiring mid to advanced level roles rather than a broad mix of experience and abilities.”
Without enough new professionals coming into the field and being given training and development opportunities to become the experienced heads of tomorrow, cyber security will continue to struggle. There are also worrying signs at the other end of careers. Job satisfaction has taken a downward turn this year. In 2022 this same study put job satisfaction in cyber security at 74%. Last year it was 70%. In 2024 it’s fallen again to 66%.
With fewer professionals happy in their positions, perhaps even looking to leave the industry, it’s no surprise that growth in cyber security is grinding to halt. However, the cyber crime industry is booming. The U.S. Agency for International Development put the global cost of cyber crime at $8 trillion in 2023, but estimate that will rise to $23.84 trillion by 2027. Without heavy investment in the sector, cyber security professionals will be facing that increase woefully unprepared.
Andy Woolnough, ISC2 Executive Vice President of Corporate Affairs, said: “At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever. This will enable cyber security professionals to meet these challenges and keep our critical assets secure.”
It’s Not Just People, There’s A Skills Gap Too
The report revealed that 90% of organisations have skills gaps in their security teams, and 64% of respondents believe that skills shortages challenge their security efforts more than staffing shortages alone. More than half of those surveyed (58%) believe a shortage of skills puts their organisation at significant risk. These skills came back as the top reported gaps in organisations (no prizes for guessing the top one):
- AI (34%)
- Cloud computing security (30%)
- Zero trust implementation (27%)
- Digital forensics and incident response (25%)
- Application security (24%)
Andy Woolnough, ISC2 Executive Vice President of Corporate Affairs, said: “At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever. This will enable cyber security professionals to meet these challenges and keep our critical assets secure.”
Addressing the Shortage
To address the shortage of skilled cyber security professionals and get the industry growing again to protect us all, we need to change how organisations think about cyber security. These are just a few ways of closing the gap:
- Invest In Cyber security: There are lots of things that must happen to address the shortage, but they all come back to the issue of investment. Staff cannot be hired or trained to fill gaps without proper investment in the industry. When looking at areas to cut back on, organisations cannot afford to lose the protection that cyber security provides.
- Education and Training Programs: Encourage and support ongoing education and training for existing staff. This includes providing opportunities for certifications, courses, and workshops to enhance skills and bridge gaps.
- Apprenticeship Programs: Establish cyber security apprenticeship programs that offer real-world, hands-on experience for aspiring professionals. These programs provide valuable training and create a pipeline of skilled individuals.
- Use Managed Security Services: Organisations can leverage managed security services and outsourced security providers to supplement their in-house teams. These services provide access to a broader pool of cyber security experts.
- Government Support: Advocate for government initiatives and incentives that support cyber security workforce development. These may include grants, tax incentives, or regulatory support for training programs.
The shortage of cyber security staff is a growing issue that needs proactive and innovative solutions. By investing in education, training, collaboration, and technology, organisations can build a robust cyber security workforce better equipped to protect against the evolving threat landscape. Addressing this shortage is not only a matter of security but also a crucial step in safeguarding sensitive data and ensuring the resilience of businesses in an increasingly digital world.
If you’re concerned about a shortage of cyber security in your organisation, reach out to our experts at OmniCyber Security as soon as possible. Our team can help you identify weaknesses in your defences, and tailor solutions to suit your unique needs and budget. Your security is our responsibility.Bottom of Form