(ISC)², one of the world’s largest non-profit associations of certified cybersecurity professionals – has highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022 (ISC)² Cybersecurity Workforce Study.
The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. Despite adding 464,000 more cybersecurity professionals this year, the data revealed that 3.4 million more cybersecurity workers are needed to secure assets effectively.
A total of 70% of respondents report their organization does not have enough cybersecurity employees. And more than half of respondents with workforce shortages feel that staff deficits put their organization at a ‘moderate’ or ‘extreme’ risk of a cyberattack.
For organizations looking to mitigate staff shortages, the research suggests that initiatives to train internal talent, rotating job assignments, mentorship programs and encouraging employees outside of IT or the security team to join the field, were the most effective.
At the same time, the report finds that 72% of respondents expect their cybersecurity staff to increase somewhat or significantly within the next 12 months – the highest predicted growth rate when compared to the last two years (53% in 2021 and 41% in 2020).
“As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field,” said Clar Rosso, CEO, (ISC)². “The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective.”
The study takes a closer look at cultural and demographic shifts over the last year. In addition to an analysis of the changing workforce, the study also highlights the top issues with retention, concerning workplace conditions such as burnout, the shift of racial, gender and ethnic diversity among younger cybersecurity professionals, the changing perception of certifications in the field, as well as the impacts from current events and future predictions of the cybersecurity workforce. Key findings include:
Corporate Culture
- 75% of respondents report strong job satisfaction and the same percentage feel passionate about cybersecurity work, yet 70% of respondents still feel overworked
- 68% of employees with low employee experience ratings indicate workplace culture impacts their effectiveness in responding to security incidents
- Over half of workers say they would consider switching jobs if they are no longer allowed to work remotely
- Just 28% of study participants report their organization actively listens and values the input of all staff