Cyber sector growth exacerbating skills shortage

Data from security association (ISC)² shows demand for cyber pros is still outpacing supply as the sector continues an upward growth trajectory

Despite around 700,000 new entrants to the cyber security profession, demand continues to outpace the supply of talent, according to new research data compiled by certified cyber pro association (ISC)², which estimates that the workforce needs to expand by 65% to effectively defend critical assets.

The association’s latest study revealed how the resilient growth trajectory of the security sector is exacerbating the ongoing shortage of security professionals, even though the skills gap has in fact dropped by several hundred thousand in the past year.

(ISC)² calculates a shortfall of 2.72 million professionals worldwide, down from 3.12 million last year, but this was found to be entirely down to increased hiring in Asia-Pacific (APAC), the only region where the workforce gap decreased.

In every other region the shortage grew more pressing, and (ISC)² suggested this may be down to the slower-than-hoped-for economic recovery from the pandemic, and its impact on small businesses and sectors such as IT services. This led to softer demand for cyber pros in the Americas and Europe. The more effective response to Covid-19 in countries such as China, Japan, Korea, Singapore and Taiwan, as well as Australia and New Zealand, potentially support this theory.

“Any increase in the global supply of cyber security professionals is encouraging, but let’s be realistic about what we still need and the urgency of the task before us,” said Clar Rosso, CEO of (ISC)².

“The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development and embrace remote work as an opportunity,” she said. “And perhaps most importantly, organisations must adopt meaningful diversity, equity and inclusion practices to meet employee expectations and close the gap.”

Currently, the most in-demand cyber skills – which align in this instance with the US government’s National Initiative for Cybersecurity Education (Nice) – include defined categories such as secure provision (cited by 48% of responding organisations), analysis (cited by 47%), and protection and defence (again 47%), although strong demand was seen across all categories.

Read more about cyber security careers

Those organisations forced to stretch their cyber security reams to breaking point said they increasingly experienced problems such as misconfigured systems, a lack of time to conduct proper risk assessment and management, more time taken to patch newly disclosed vulnerabilities, and rushed IT deployments.

However, participants in (ISC)²’s annual study also shared fresh perspectives into how organisations are overcoming cyber workforce gaps, including more training, providing more flexible working conditions, and improving diversity, equity and inclusion initiatives.

More technical approaches included increased use of cloud service providers, deploying more automated security tools for manual tasks and involving existing cyber security staff earlier in third-party relationships.

Nevertheless, the report also highlighted some positives; the vast majority, a record 77% of respondents, said they were either satisfied or extremely satisfied in their work, and there was also evidence that initiatives to recruit a more diversely skilled workforce from beyond the ICT sector are paying off, with 17% of new entrants transitioning from outside the sector – not necessarily ballet.

Average salaries also increased, by 9.5% year-on-year in US dollar terms.

Read more on Business continuity planning

Data Center
Data Management