Shortage of cyber professionals reaches 3.4 million

The global cybersecurity skills shortage shows no signs of abating, with the estimated shortage of security professionals increasing by 700,000 or 26% in the past 12 months, from 2.7 million to 3.4 million, according to the latest annual industry assessment by a certification body and trade association. (ISC)².

In his 2022 Cybersecurity Workforce Study(ISC)² found that while there are now 4.7 million active security professionals globally, 460,000 more than in 2021, the growing demand for their work among organizations scared of the he increasingly active threat environment means training and certification programs are struggling to fill the pipeline.

In the UK specifically, (ISC)² estimated that there were around 339,000 cyber professionals, up 13% year-on-year, but 56,811 workers were missing, up more than 70% year-on-year. year.

“Due to geopolitical tensions and macroeconomic instability, along with high-profile data breaches and growing physical security challenges, there is an increased focus on cybersecurity and growing demand for professionals in the field” , said Clar Rosso, CEO of (ISC)².

“The study shows us that retaining and attracting top talent is more important than ever. Professionals say loud and clear that company culture, experience, investment in training and education, and mentorship are paramount to keeping your team motivated, engaged, and effective.

Almost three-quarters of respondents to the study (ISC)² said their organization did not have enough cybersecurity employees and more than half of those experiencing workforce shortages felt that the lack of personnel exposed them to an increased risk of an incident. Concerns including lack of time for proper cyber risk assessment or management, increased monitoring of processes and procedures, delay in remediating critical systems, lack of time and resources for proper training and incorrect system configurations.

Respondents who indicated that their organization lacked security personnel tended to cite difficulty finding qualified talent, increased attrition and turnover of existing security personnel, lack of hiring budget, and lack of opportunities for growth or promotion. A significant number also said that their employer did not pay them competitive wages.

(ISC)² suggested that the way forward did not seem to be through external recruitment initiatives, but through the training of internal talent, rotation of job responsibilities, mentoring programs or the encouragement of employees outside the IT or cyber function to join the field.

He said his findings showed that organizations that take this route tend to be less likely to experience staff shortages.

For industry members, the annual survey found that job satisfaction tended to be high, with 75% saying they were somewhat or very satisfied with their jobs and passionate about their work. Respondents tend to be less satisfied with their teams, departments and organizations in general, but when they report issues, these tend to stem from the culture of the workplace rather than the nature of the cybersecurity job itself. -same.

As cyber professionals evolved, they tended to cite either opportunities for growth, such as a raise, promotion, or career advancement, or a negative company culture, burnout, or a poor work-life balance.

Security professionals also tended to be overwhelmingly positive about remote working, which has been widely embraced in the industry during the pandemic. Less than a quarter of security professionals worked from home before Covid-19, but 55% do so now, and more than half would consider quitting if they were no longer allowed to do so.

Among other things, security professionals tended to see themselves as more productive when allowed to work remotely, although those in leadership positions tended to disagree with this. They also cited the ability to work remotely as helpful in avoiding burnout.

The (ISC)² study also looked at issues related to an apparent generational divide that seems to be emerging in the sector. emotional health and having more voice within the organization to be more of a priority.

Younger security personnel tended to worry about what they perceived as a cultural gap, with older colleagues and the profession in general being accused of creating a culture of control – for example, artificial barriers such as demands for education or certification – which hinder their advancement.

The divide was most visible with regard to DEI within the security sector – another element the survey looked at – and this is most likely due to both generational culture shifts and changes demographics.

For example, women now make up 30% of cyber pros under 30, but only 14% of those over 60, while people of Black, Asian or Minority (BAME) origin made up 49% of cyber pros in under 30 years old. , but only 19% of those over 60.

The survey also revealed that the industry still has a problem with inclusivity, with a significant number of women and BAME cyberpros saying they feel discriminated against at work, while many others say they felt unable to be themselves at work, particularly when it came to neurodiversity, disability, or sexual or gender identity.

(ISC)² said they found that organizations that paid more attention to DEI and implemented DEI training and programs were also less likely to experience a shortage of security personnel – 19%, compared to 34% who did not. weren’t doing it.

Leave a Reply