The intensifying cybersecurity talent shortage is nearing a “danger level,” putting digital privacy and infrastructure at higher risk.

That’s according to new data by CyberSeek. It provides data about supply and demand in the cybersecurity job market.

From October 2019 through September 2020, there were 166,000 openings for information security analysts, but only 125,570 workers employed in those positions. That’s an annual talent shortfall of 40,430 workers for cybersecurity’s biggest job.

Furthermore, employers continued to struggle to find workers to fill an estimated 355,600 other job openings that request cybersecurity-related skills. On average, cybersecurity roles take 21% longer to fill than other IT jobs.

CyberSeek is a joint initiative among the National Initiative for Cybersecurity Education (NICE), Burning Glass Technologies and CompTIA.

What’s Behind the Shortage

Tim Herbert is CompTIA‘s executive vice president for research and market intelligence.

CompTIA’s Tim Herbert

“On one level, staffing challenges stem from the ongoing macro trend of digital transformation whereby firms of all sizes across all industry sectors need to bolster their cybersecurity defenses, processes and workforces to keep up with ever-expanding cybersecurity threats,” he said. “Many fields of cybersecurity are becoming more specialized, requiring equally specialized training and credentials. These further compound the challenge of employer demand for cyber talent exceeding the supply.”

On another level, as it relates to 2020, a CompTIA tracking survey conducted among IT firms found the top customer demand item during the initial wave of COVID-19 was cybersecurity-related inquiries.

“This could be customers needing cybersecurity expertise to assist with managing a full-time remote workforce, assessing cloud security robustness, managing security for new e-commerce or supply chain platforms, defending against the increased threat of ransomware, and a host of other needs brought on by the pandemic,” he said.

CyberSeek’s interactive heat map shows the latest numbers on the nation’s cybersecurity workforce. It provides detailed information on the size and characteristics of the cybersecurity workforce at the national, state and metro area levels.

Furthermore, CyberSeek’s interactive career pathway now includes detailed information on the many opportunities for careers within cybersecurity.

MSSPs Can Help

“MSSPs should be well positioned to support the increased demand for security consulting services, security audits, security deployments, governance and privacy issues, and ongoing security management,” Herbert said. “There is, of course, the usual need to align service offerings to customer need. This is especially critical now with many industry sectors and small business in general still struggling to stay afloat.”

Cybersecurity is a perpetual arms race, he said. Therefore, a sustained shortfall in developing and nurturing the cybersecurity workforce could lead to an increase in localized risk. That could then lead to a costlier and maybe even deadlier threat landscape.

“Theoretically this is possible, but that would assume no response from the market,” Herbert said. “If something becomes costlier, industry responds accordingly with increased investments to address the issue. In this context, it could mean the already high salaries for top-notch cybersecurity professionals could go even higher, which may then entice for candidates to enter a cybersecurity career pathway. Another outcome, which anecdotally, does appear to be a happening more frequently is the more direct involvement of employers in building their own cybersecurity pipeline through some combination of reskilling, upskilling and early stage career development.”