ISC2 – the world's leading nonprofit member organization for cybersecurity professionals – estimates the global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs. While this is the highest workforce ISC2 has ever recorded, the 2023 ISC2 Cybersecurity Workforce Study brings to light that demand is still outpacing the supply. The cybersecurity workforce gap has reached a record high, with 4 million professionals needed to adequately safeguard digital assets. This year's study included a record 14,865 cybersecurity professionals.
The research also finds new challenges impacting professionals in the field, including economic uncertainty, artificial intelligence, fragmented regulations and skills gaps. Additionally, a challenging threat landscape continues to loom over the field, with 75% of cybersecurity professionals saying the current threat landscape is the most challenging it has been in the last five years. Only 52% believe their organization has adequate tools and people to respond to cyber incidents over the next two to three years.
The challenges facing cybersecurity professionals include:
Workforce and Skills Gaps:
● 92% of cybersecurity professionals report skills gaps at their organization
● The top three skills gaps at an organization are cloud computing security (35%), artificial intelligence/machine learning (32%), zero trust implementation (29%)
● 51% of organizations that have had cybersecurity layoffs have been impacted by one or more significant skills gaps compared to just 39% of organizations that have not had layoffs
● 47% of respondents experienced cutbacks, which included budget cuts, layoffs and hiring and promotion freezes
● 35% faced cuts to cybersecurity training programs, vital for skills development and workforce growth
● Two-thirds of respondents say that cutbacks have negatively impacted their productivity, team morale and increased their workload
● 57% said their response to threats has been inhibited by cutbacks, and 52% have seen an increase in insider risk-related incidents
● 31% of professionals believe that cutbacks will continue into 2024, and 70% expect those cutbacks to include layoffs
● 47% of respondents have no or minimal knowledge of artificial intelligence (AI)
● 47% see cloud computing security as the most sought-after skill for career advancement
● 45% of respondents foresee AI as their top challenge over the next two years
"While we celebrate the record number of new cybersecurity professionals entering the field, the pressing reality is that we must double this workforce to adequately protect organizations and their critical assets," said ISC2 CEO Clar Rosso, CC. "Amid the current threat landscape, which is the most complex and sophisticated it has ever been, the escalating challenges facing cybersecurity professionals underscore the urgency of our message: organizations must invest in their teams, both in terms of new talent and existing staff, equipping them with the essential skills to navigate the constantly evolving threat landscape. It is the only way to ensure a resilient profession that can strengthen our collective security."
Empowering Cybersecurity Workforce for the Future
Organizations are actively adopting strategies to strengthen their cybersecurity teams. Survey respondents say their organizations are investing in staff training (72%), offering flexible work conditions (69%), funding diversity, equity, and inclusion (DEI) programs (68%), supporting certifications (67%), and expanding their teams by recruiting, hiring and onboarding new staff (67%) to prevent or mitigate staff shortages.
Fostering Diversity and Inclusion in Cybersecurity
To promote a more diverse workforce, organizations are embracing DEI initiatives, incorporating skills-based hiring, and revising job descriptions to emphasize DEI goals.
Organizations adopting skills-based hiring have seen a positive impact, with an average of 25.5% women in their workforce compared to 22.2% among those who haven't embraced this initiative. However, there's still work to be done, as women represent only 26% of cybersecurity professionals under the age of 30.
DEI initiatives not only drive diversity but also boost workforce effectiveness. Organizations implementing DEI hiring practices report a stronger sense of preparedness among their cybersecurity professionals in dealing with cyber threats over the next two to three years.
Hiring for the Non-Technical Skills
In addition to technical proficiency in various skills, cybersecurity professionals stress the importance of non-technical attributes. Problem-solving skills (45%) top the list, followed by curiosity and eagerness to learn (39%) and effective communication (38%).
To explore the full report and discover additional actions organizations can take to bridge the global cybersecurity workforce gap, please visit: www.isc2.org/Research.