(ISC)² – THE non-profit association of certified cyber security professionals – has highlighted a stark increase in the shortage of cyber security professionals. The findings of its 2022 (ISC)² Cyber Security Workforce Study reveal that the global cyber security workforce is now at an all-time high, with an estimated 4.7 million professionals operational. However, despite adding 464,000 more cyber security professionals this year, the data suggests that 3.4 million more cyber security workers are needed to secure assets on an effective basis.
70% of respondents report that their organisation does not have enough cyber security employees. More than 50% of respondents with workforce shortages feel that staff deficits put their organisation at a ‘moderate’ or ‘extreme’ risk of a cyber attack. For those organisations looking to mitigate staff shortages, the research suggests that initiatives designed to train internal talent, rotate job assignments, encourage mentorship programmes and entice employees from outside of IT or the security team to join the field are the most effective.
At the same time, the report finds that 72% of respondents expect their cyber security staffing numbers to increase somewhat or significantly within the next 12 months. Indeed, this is the highest predicted growth rate when compared to the last two years (53% in 2021 and 41% in 2020).
“As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there’s now a greater focus on cyber security and, as a result, an increasing demand for professionals within the field,” explained Clar Rosso, CEO at (ISC)². “The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount for keeping teams motivated, engaged and effective.”
The study takes a closer look at cultural and demographic shifts over the last year. In addition to an analysis of the changing workforce, the study also highlights the top issues with retention and focuses on workplace conditions such as burnout, the shift of racial, gender and ethnic diversity among younger cyber security professionals and the changing perception of certifications in the field, as well as the impacts from current events and future predictions of the cyber security workforce.
75% of respondents report strong job satisfaction, while the same percentage feel passionate about cyber security work, yet 70% of respondents still feel overworked. 68% of employees with low employee experience ratings indicate that workplace culture impacts their effectiveness in responding to security incidents.
Over half of workers who took part in the survey say that they would consider switching jobs if they’re no longer allowed to work remotely. Just 28% of study participants report that their organisation actively listens and values the input of all members of staff.
Diversity, equality and inclusion
55% of employees believe diversity will increase among their teams within two years. Nearly 25% of respondents below age 30 consider gatekeeping and generational tensions as Top Five challenges for the next two years, compared to 6% of those workers aged 60 or older.
30% of female and 18% of non-white employees feel discriminated against at work, while only 40% of respondents stated that their organisation offers employee-focused diversity, equality and inclusion-centred training.
Changing perceptions and current events
64% of respondents are seeking new certifications for skills growth and look to remain up-to-date with current security trends (53%). 20% of employees state that their organisation would increase their security budget as the result of a system breach. However. only 16% state that their organisation would hire additional IT staff.
61% of cyber security professionals are primarily concerned by the potential risks posed by emerging technology (eg blockchain, Artificial Intelligence and quantum computing, etc).
Online survey methodology
The 2022 (ISC)² Cyber Security Workforce Study is based on online survey data collected in collaboration with Forrester Research in May and June this year and involving 11,779 individuals responsible for cyber security at workplaces throughout North America, Latin America, the Asia-Pacific region, Europe, Africa and the Middle East.
Respondents in non-English speaking countries completed a locally translated version of the survey, while the sample size within each country was controlled to ensure a mix of company sizes and industries.
The (ISC)² Cyber Security Workforce Study is conducted on an annual basis to assess the cyber security workforce gap, better understand the barriers facing the cyber security profession and uncover solutions that enable individuals to excel in their profession, achieve their career goals and, ultimately, better secure their organisations’ critical assets.
*Download copies of the 2022 (ISC)² Cyber Security Workforce Study online at www.isc2.org/Research/Workforce-Study