Massive Workforce Increase Needed to Fight Cybercriminals
The global cybersecurity workforce shortage has widened from 2.93 million up to more than 4 million in the past year as threats become more sophisticated and increase in volume.
That’s according to (ISC)2‘s 2019 Cybersecurity Workforce Study, which indicates a necessary cybersecurity workforce increase of 145%. The study is based on online survey data from more than 3,200 individuals responsible for security/cybersecurity throughout North America, Europe, Latin America and Asia-Pacific, more than double the respondent base in the 2018 study.
In the U.S. market, the current cybersecurity workforce estimate is 804,700 and the shortage of skilled professionals is 498,480, requiring an increase of 62% to better defend U.S. organizations.
Wesley Simpson, (ISC)2’s COO, tells us that while the gap widening, “I wouldn’t say that no progress is being made.”
“We’re seeing growing numbers of women and younger people joining the field,” he said. “It’s about the speed at which we as an industry can begin to close that gap and how creative we can be about finding and nurturing talent. As the study highlights, certain regions are facing much larger challenges than others. The U.S. gap for instance looks much more manageable than in other places.”
Among the key findings from the study:
- Sixty-five percent of organizations report a shortage of cybersecurity staff; a lack of skilled/experienced cybersecurity personnel is the top job concern among respondents (36%).
- Two-thirds of respondents report that they are either somewhat satisfied (37%) or very satisfied (29%) in their jobs, and 65% intend to work in cybersecurity for their entire careers.
- Thirty percent of respondents are women, 23% of whom have security-specific job titles.
- Thirty-seven percent are below the age of 35, and 5% are categorized as Generation Z, under 25 years old. The Gen Z population is going to be a critical segment to attract to cybersecurity as baby boomers begin to retire, Simpson said.
- Sixty-two percent of large organizations with more than 500 employees have a CISO, but that number drops to 50% among smaller organizations. It’s important to have someone setting the strategy, understanding the risk and communicating that to the board, the executive suite and the business, Simpson said.
- Forty-eight percent of organizations represented said their security training budgets will increase within the next year.
- The average North American salary for cybersecurity professionals is $90,000, and those holding security certifications have an average salary of $93,000 while those without earn $76,500 on average.
- Fifty-nine percent of cybersecurity professionals are currently pursuing a new security certification or plan to do so within the next year.
- Just 42% of respondents indicate that they started their careers in cybersecurity, meaning 58% moved into the field from other disciplines.
- Top recruiting sources outside of the core cybersecurity talent pool include new university graduates (28%), consultants/contractors (27%), other departments within an organization (26%), security/hardware vendors (25%) and career changers (24%).
“While our study didn’t specifically break out the opinions on or need for MSSPs, it stands to reason that the lack of skilled cybersecurity professionals is…