Cybersecurity workforce gap grows 26% in 2022

The global cybersecurity workforce gap has increased by 26.2% compared to 2021, with 3.4 million additional workers needed to effectively secure assets, according to the (ISC)2 2022 Cybersecurity Workforce Study.

This represents a sharp increase in the shortage of cybersecurity professionals from 2021, which stood at 2.72 million. The research interviewed 11,779 people responsible for cybersecurity.

Expand recruitment

While the dramatically increased gap is a big cause for concern, it also indicates that organizations are taking cybersecurity more seriously, according to (ISC)2 CEO Clar Rosso, speaking exclusively to Infosecurity.

“While we saw the gap narrow during the height of the pandemic, most countries are well advanced in their post-pandemic recovery and are continuing the digital transformation of a variety of back-office and hospitality functions. public. As a result, workforce hiring and expansion rebounded in a number of sectors post-pandemic, including cybersecurity, driving both the growth of the active workforce and the growing unmet demand for cybersecurity practitioners. It’s also encouraging, as the gap demonstrates an increased awareness among organizations of the value of cybersecurity within their operations.

Nonetheless, the need for additional cybersecurity personnel on top of an existing skills gap puts organizations at significant risk. More than two-thirds (70%) of respondents said their organization did not have enough dedicated cybersecurity employees, and more than half said staffing shortages put their organization at risk. at a “moderate” or “extreme” risk of cyberattack.

Encouragingly, 72% of respondents expect their cybersecurity staff to increase somewhat or significantly over the next 12 months, which is higher than the figures from the last two surveys (53% in 2021 and 41% in 2020 ). This follows the 11% increase in workers recorded this year. “The fact that membership has increased by 11%, to some 464,000, is cause for celebration. Adding nearly half a million people to the active workforce is a significant investment in cybersecurity and defense,” Rosso said. Infosecurity.

Rosso also recognized the importance of government and industry-wide initiatives to help organizations grow their workforce, particularly the ability to recruit people from non-traditional backgrounds.

“Significant strides in closing the cybersecurity skills gap can be made through government and industry initiatives to expand the talent pool and bring greater diversity and accessibility to cybersecurity jobs. Efforts like our own One Million Certified in Cybersecurity program, offering courseware and the exam for the (ISC)2 Certified in Cybersecurity certification free of charge to one million people worldwide and 100,000 people in the UK are an opportunity to bring a whole new generation of cybersecurity professionals into the workforce. From recent graduates to career-changing professionals and IT professionals looking to boost their cybersecurity skills, programs such as this remove many of the barriers of economics, experience and accessibility to entry that have limited the growth of the talent pool and active workforce,” she pointed out.

Internal factors

Although finding enough qualified talent was cited as the top cause of cybersecurity staffing shortages (43%), research showed that there are many other internal factors that organizations should work on to fill the gap. skills deficit.

These included struggling to keep up with turnover/attrition (33%), not paying a competitive salary (31%), not having the budget (28%), not providing opportunities growth/promotion to security staff (24%) and not devoting enough resources to training non-security IT staff to become security staff (23%).

Unsurprisingly, stress and burnout were top concerns for cybersecurity professionals, with 70% feeling overworked. Additionally, work culture and conditions were a key consideration in determining whether an employee would leave their job. For example, more than half would consider changing jobs if they were no longer allowed to work remotely.

While three-quarters of respondents reported both high job satisfaction and a sense of passion for cybersecurity work, 68% of respondents with low employee ratings indicated that workplace culture work has an impact on their effectiveness in responding to security incidents. Additionally, only 28% said their organization actively listens and values ​​input from all staff.

A significant proportion of organizations appear to be taking steps to address these areas. Almost two-thirds (64%) of respondents said their organization was providing more flexible working arrangements (e.g. work from home/work from anywhere), investing in training (64%) and recruiting, hiring and onboarding new employees (62%).

In the report’s press release, Rosso noted that retaining and attracting strong talent is more important than ever. “Professionals say loud and clear that company culture, experience, investment in training and education, and mentorship are paramount to keeping your team motivated, engaged and effective,” she said. .

The study also looked at diversity, equity, and inclusion (DEI) within cybersecurity teams. More than half (55%) of employees believe that diversity will increase within their teams over the next two years. However, 30% of women and 18% of non-white employees said they felt discriminated against at work, and only 40% of organizations offer DEI training to employees.

Reasons for optimism

Summarizing the report to InfosecurityRosso stressed that there were signs of optimism despite the challenges faced.

“We see a positive outlook for greater diversity in the workforce,” she said. “Respondents also reported a strong preference for remote work, something many now appreciate as a by-product of pandemic workplace change that has significantly improved accessibility to cybersecurity employment and is helping efforts to increase well-paying job opportunities outside of London and major cities. Coupled with a strong organizational investment in training and professional development, this knowledge represents encouraging progress in both closing the gap and retaining the skilled professionals we already have.

Leave a Reply