New research from (ISC)² sheds light on what it would take to close the longstanding cyber workforce shortage, and the answer is a big number. According to new research from the nonprofit, the cybersecurity profession needs to grow by 3.4 million people to close the global workforce gap.
This 3.4 million gap persists even after the cyber workforce grew by nearly half a million new cybersecurity professionals this year. Despite adding new cyber professionals to the workforce, (ISC)² found that there was a 26.2 percent year-over-year surge in demand for cybersecurity professionals.
The 2022 (ISC)² Cybersecurity Workforce Study surveyed more than 11,000 cybersecurity professional across the world. The overwhelming majority – 70 percent – of respondents said their organization does not have enough cybersecurity employees. Concerningly, more than half of respondents who said they experienced workforce shortages feel that staff deficits put their organization at a “moderate” or “extreme” risk of a cyberattack.
In terms of mitigating staff shortages in the short term, (ISC)² found that initiatives to train internal talent, rotating job assignments, mentorship programs, and encouraging employees outside of IT or the security team to join the field were the most effective. Despite most respondents experiencing staffing shortages, 72 percent of respondents do expect their cybersecurity staff to increase somewhat or significantly within the next 12 months.
“As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field,” said Clar Rosso, CEO of (ISC)². “The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective.”
Pivoting away from staffing shortages, the survey also examined how comfortable cybersecurity professionals feel with their organizations culture.
Three quarters of respondents report strong job satisfaction and feel passionate about cybersecurity work. However, despite that satisfaction, 70 percent of respondents feel overwhelmed. Of the respondents who reported a negative employee experience, 68 percent said that workplace culture impacts their effectiveness in responding to security incidents.
During the COVID-19 pandemic, many cybersecurity roles became fully remote or hybrid. Cybersecurity pros do not want to give that flexibility up, with more than half of workers saying they would consider switching jobs if they are no longer allowed to work remotely
More than half – 55 percent – of employees said that diversity will increase among their teams within two years. However, despite optimism about the future, 30 percent of female and 18 percent of non-white employees feel discriminated against at work. Only 40 percent of respondents state their organization offers employee Diversity, Equity, and Inclusion training
Looking along generational lines, roughly a quarter of respondents below age 30 consider “gatekeeping” and “generational tensions” as top-five challenges for the next two years, compared to six percent of workers 60 or older.