The latest report into the world of cyber security has just been published by the International Information System Security Certification Consortium (ISC)2, and it makes pretty tough reading.
The report is an annual look into the cyber security industry which explores hiring, team culture, job satisfaction, career pathways, professional development and the future of cybersecurity work.
14,865 international practitioners and decision-makers were surveyed for the report to give an in-depth view of the industry. 75% of respondents said that the current threat landscape is the most challenging it has been in the past five years.
Key takeaways from the survey
THE CYBERSECURITY WORKFORCE AND GAP HAVE BOTH GROWN. In the past year, the cybersecurity workforce has grown by 8.7%. In addition, the gap between the number of workers needed and the number available has also continued to grow, with a 12.6% increase year over year.
(ISC)2 estimates the global cybersecurity workforce at 5.5 million, representing an 8.7% increase year over year and nearly 440,000 new jobs. All regions saw growth this year, but these gains are particularly high in our two new Middle East countries (Saudi Arabia & the UAE), Asia-Pacific and North America. Japan in particular is growing at a rapid rate — 24% year over year. Latin America, after years of substantial growth, is starting to balance out, with Brazil decreasing from an 18.3% growth rate in 2022 to 8.9% this year, and Mexico dropping slightly year over year.
STAFFING SHORTAGES AND SKILLS GAPS ARE CONSISTENT CHALLENGES. 67% of respondents reported that their organization has a shortage of cybersecurity staff needed to prevent and troubleshoot security issues. And 92% report having skills gaps in their organization — the most common being cloud computing security, AI/ML and Zero Trust implementation.
ONGOING EDUCATION AND TRAINING HELP SHRINK SKILLS GAPS. 58% of cybersecurity professionals said that the negative impact of worker shortages can be mitigated by filling key skills gaps. Those who continue their training, education and certification reimbursement programs were far better prepared to weather times of economic uncertainty. Organizations with layoffs who kept these programs, were less likely to experience significant organizational skills gaps in cybersecurity.
CYBERSECURITY PROFESSIONALS FACE AN UNPRECEDENTED THREAT LANDSCAPE. 75% of cybersecurity professionals view the current threat landscape as the most challenging it has been in the past five years, and only 52% believe that their organization has the tools and people needed to respond to cyber incidents over the next two to three years. Those with shortages and skills gaps are far more worried about being able to keep their organizations secure.
TIMES OF ECONOMIC UNCERTAINTY POSE SIGNIFICANT THREATS TO CYBERSECURITY. 71% of respondents agree that periods of economic uncertainty increase the risk of malicious insiders. 39% of cybersecurity professionals have been approached or know someone who has been approached by a malicious actor. Those at companies that have had layoffs in cybersecurity are three times more likely to have been approached to act as a malicious insider.
JOB SATISFACTION TOOK A SLIGHT DIP BUT REMAINS HIGH. 70% of cybersecurity professionals say they are satisfied with their jobs today, which represents a 4% drop from last year. This seems to be due in large part to cutbacks and layoffs.
PATHWAYS INTO CYBERSECURITY ARE SHIFTING. There has been a significant shift in who is entering the cybersecurity profession and how they are doing it. The study found that new workers are significantly more likely to have received a bachelor’s degree in cybersecurity before entering the field and are also more likely to previously have worked in a non-IT role. They are less likely to have worked in IT before entering. There are significantly more people entering cybersecurity later in their career and that the gender and ethnic breakdowns of the new workforce have undergone a considerable shift.
ORGANIZATIONS NEED PROFESSIONALS WITH CLOUD COMPUTING SKILLS, BUT THEY ARE HARD TO FIND. The study found that cloud computing security is the skill that hiring managers most look for when hiring. However, it is also the most common area where respondents cited their organization having a skills gap.
AI/ML IS BECOMING INCREASINGLY CRITICAL. This year, for the first time, AI/ML skills were among the top five in terms of demand, representing a significant jump since last year when they were near the bottom of the list.
CYBERSECURITY PROFESSIONALS VALUE EXPERIENCE OVER FORMAL EDUCATION. Cybersecurity professionals were asked to compare qualifications to understand what they value most in potential candidates and found that they value experience over education. Professionals favour senior-level experience over doctorate degrees (86% vs. 14%) and entry-level cybersecurity experience over
cybersecurity bachelor’s degrees (70% vs. 30%).
