Despite 59% of cybersecurity professionals saying the widening workforce gap puts their organizations at risk, a majority of workers report strong job satisfaction and are focused on developing new skills
Key insights revealed in the study include:
- Of the 2.93 million overall gap, the Asia-Pacific region is experiencing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region
- North America has the next highest gap number at 498,000, while EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall, respectively
- 63% of respondents report that their organizations have a shortage of IT staff dedicated to cybersecurity. 59% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
- 48% of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months
- 68% of respondents say they are either very or somewhat satisfied in their current job
- Women represent 24% of this broader cybersecurity workforce (compared to 11% from previous studies), while 35% are Millennial or Gen Y (compared to less than 20% from previous studies)
- More than half of all respondents globally (54%) are either pursuing cybersecurity certifications or plan to within the next year
- Some of the biggest career progression challenges respondents reported are:
o Unclear career paths for cybersecurity roles (34%)
o Lack of organizational knowledge of cybersecurity skills (32%)
o The cost of education to prepare for a cybersecurity career (28%)
- The four areas cybersecurity pros feel they will need to develop most or improve on over the next two years in order to advance in their careers include:
o Cloud computing security
o Penetration testing
o Threat intelligence analysis
A New Cybersecurity Workforce Gap Analysis
In addition to a broader view of the cybersecurity workforce, the 2018 (ISC)² Cybersecurity Workforce Study introduces a new gap analysis methodology. Unlike legacy gap calculation models that simply subtract supply from demand, this calculation takes other critical factors into consideration, including the percentage of organizations with open positions and the estimated growth of companies of different sizes. The calculation of demand includes the openings that are currently available, along with an estimation of future staffing needs. The calculation of supply includes estimates for academic and non-academic entrants into the field, along with estimates of existing professionals who are moving into cybersecurity specialties. This more holistic approach to measuring the gap produces a more realistic representation of the security challenges—and opportunities—that both companies and cybersecurity pros are facing worldwide.
For more data points and additional context on the cybersecurity workforce gap. download the full study at www.isc2.org/research.
About the (ISC)2 Cybersecurity Workforce Study
(ISC)2 conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The (ISC)2 Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) is conducted regularly to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions that position these talented individuals to excel in their profession, better secure their organizations’ critical assets and achieve their career goals. Learn more atwww.isc2.org/workforce-study.
(ISC)² commissioned Spiceworks to conduct a survey in August 2018. This survey targeted cybersecurity professionals worldwide to measure the gap in the cybersecurity workforce in companies of all sizes and to understand current perceptions and practices around cybersecurity. Survey results included responses from approximately 1,452 participants throughout North America, Latin America, Asia-Pacific and Europe.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, over 138,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visitwww.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.
© 2018, (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, of (ISC)², Inc.