2022 (ISC)² Cybersecurity Workforce Study sheds light on the demand for cybersecurity talent with the gap growing twice as much as the workforce with a 26.2% year-over-year surge
(ISC)² – the world’s largest non-profit association of certified cybersecurity professionals – today highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022 (ISC)² Cybersecurity Workforce Study. The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. Despite adding 464,000 more cybersecurity professionals this year, the data revealed that 3.4 million more cybersecurity workers are needed to secure assets effectively.
70% of respondents report their organisation does not have enough cybersecurity employees. And more than half of respondents with workforce shortages feel that staff deficits put their organisation at a “moderate” or “extreme” risk of a cyberattack. For organisations looking to mitigate staff shortages, the research suggests that initiatives to train internal talent, rotating job assignments, mentorship programs and encouraging employees outside of IT or the security team to join the field were the most effective.
At the same time, the report finds that 72% of respondents expect their cybersecurity staff to increase somewhat or significantly within the next 12 months – the highest predicted growth rate when compared to the last two years (53% in 2021 and 41% in 2020).
“As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field,” said Clar Rosso, CEO, (ISC)². “The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective.”
The study takes a closer look at cultural and demographic shifts over the last year. In addition to an analysis of the changing workforce, the study also highlights the top issues with retention, concerning workplace conditions such as burnout, the shift of racial, gender and ethnic diversity among younger cybersecurity professionals, the changing perception of certifications in the field, as well as the impacts from current events and future predictions of the cybersecurity workforce. Key findings include:
Corporate Culture
- 75% of respondents report strong job satisfaction and the same percentage feel passionate about cybersecurity work, yet 70% of respondents still feel overworked
- 68% of employees with low employee experience ratings indicate workplace culture impacts their effectiveness in responding to security incidents
- Over half of workers say they would consider switching jobs if they are no longer allowed to work remotely
- Just 28% of study participants report their organisation actively listens and values the input of all staff
Diversity, Equity and Inclusion
- 55% of employees believe diversity will increase among their teams within two years
- Nearly 25% of respondents below age 30 consider gatekeeping and generational tensions as top-five challenges for the next two years, compared to 6% of workers 60 or older
- 30% of female and 18% of non-white employees feel discriminated against at work, and only 40% of respondents state their organisation offers employee DEI training
Changing Perceptions and Current Events
- 64% of respondents seek new certifications for skills growth and stay current with security trends (53%)
- 20% of employees state that their organisation would increase their security budget as the result of a breach, however only 16% state that their organisation would hire additional IT staff
- 61% of cybersecurity professionals are primarily concerned by the potential risks of emerging technology (e.g., blockchain, AI, VR, quantum computing, etc.)
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.