Massive Workforce Increase Needed to Fight Cybercriminals

MSSPs and other cybersecurity providers can help organizations with cybersecurity staff shortages.

Edward Gately, Senior News Editor

November 6, 2019

4 Min Read
Massive Workforce Increase Needed to Fight Cybercriminals

The global cybersecurity workforce shortage has widened from 2.93 million up to more than 4 million in the past year as threats become more sophisticated and increase in volume.

That’s according to (ISC)2‘s 2019 Cybersecurity Workforce Study, which indicates a necessary cybersecurity workforce increase of 145%. The study is based on online survey data from more than 3,200 individuals responsible for security/cybersecurity throughout North America, Europe, Latin America and Asia-Pacific, more than double the respondent base in the 2018 study.

In the U.S. market, the current cybersecurity workforce estimate is 804,700 and the shortage of skilled professionals is 498,480, requiring an increase of 62% to better defend U.S. organizations.


(ISC)2’s Wesley Simpson

Wesley Simpson, (ISC)2’s COO, tells us that while the gap widening, “I wouldn’t say that no progress is being made.”

“We’re seeing growing numbers of women and younger people joining the field,” he said. “It’s about the speed at which we as an industry can begin to close that gap and how creative we can be about finding and nurturing talent. As the study highlights, certain regions are facing much larger challenges than others. The U.S. gap for instance looks much more manageable than in other places.”

Among the key findings from the study:

  • Sixty-five percent of organizations report a shortage of cybersecurity staff; a lack of skilled/experienced cybersecurity personnel is the top job concern among respondents (36%).

  • Two-thirds of respondents report that they are either somewhat satisfied (37%) or very satisfied (29%) in their jobs, and 65% intend to work in cybersecurity for their entire careers.

  • Thirty percent of respondents are women, 23% of whom have security-specific job titles.

  • Thirty-seven percent are below the age of 35, and 5% are categorized as Generation Z, under 25 years old. The Gen Z population is going to be a critical segment to attract to cybersecurity as baby boomers begin to retire, Simpson said.

  • Sixty-two percent of large organizations with more than 500 employees have a CISO, but that number drops to 50% among smaller organizations. It’s important to have someone setting the strategy, understanding the risk and communicating that to the board, the executive suite and the business, Simpson said.

  • Forty-eight percent of organizations represented said their security training budgets will increase within the next year.

  • The average North American salary for cybersecurity professionals is $90,000, and those holding security certifications have an average salary of $93,000 while those without earn $76,500 on average.

  • Fifty-nine percent of cybersecurity professionals are currently pursuing a new security certification or plan to do so within the next year.

  • Just 42% of respondents indicate that they started their careers in cybersecurity, meaning 58% moved into the field from other disciplines.

  • Top recruiting sources outside of the core cybersecurity talent pool include new university graduates (28%), consultants/contractors (27%), other departments within an organization (26%), security/hardware vendors (25%) and career changers (24%).

“While our study didn’t specifically break out the opinions on or need for MSSPs, it stands to reason that the lack of skilled cybersecurity professionals is…

…driving demand and new opportunities for partners who can fill the void and provide the expertise required to manage and implement security programs for a range of organizations,” Simpson said. “With the heated competition to hire full-time cybersecurity staff, working with MSSPs becomes an realistic alternative for many companies for both short-and long-term support.”

Four main strategies for building the workforce and recruiting new talent include: highlighting training and professional development opportunities; making sure the net is cast as wide as possible for undiscovered talent; attracting new workers such as recent college graduates who have tangential degrees to cybersecurity, or seasoned pros such as consultants and contractors into full-time roles; and strengthening from within by further developing and cross-training existing IT professionals with transferrable skills.

“There’s no sugarcoating it, if we don’t change our approach and start to flip the equation and shrink the gap soon, we’ll only see more harmful cyberattacks that compromise our critical data and the way we live our lives,” Simpson said. “We need to close the gap by making the next generation aware of how great this career is and put it in terms that they understand, find appealing and rewarding.”

According to new research by Comparitech, share prices of breached public companies hit a low point about 14 market days following a breach. Share prices fall 7.27% on average, and underperform on the Nasdaq by -4.18%. Breaches that leak highly sensitive information like credit card and Social Security numbers see larger drops in share price performance on average than companies that leak less sensitive information.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like