Cyber threats pose one of the most significant risks to businesses, governments, and individuals today. As the world becomes more interconnected and data-driven, the need for cybersecurity talent has never been greater. However, a new study from ISC2 reveals that the supply of cybersecurity professionals worldwide continues to lag far behind demand.
The 2023 ISC2 Cybersecurity Workforce Study estimates that the global cybersecurity workforce now stands at 5.5 million people. While this represents growth of 8.7% over the past year, the workforce gap has exploded even faster. There are now 4 million unfilled cybersecurity positions around the world, an increase of 12.6% in just the past year.
This skills gap represents a critical vulnerability. Without enough competent professionals to secure systems, assess risks, and respond to threats, organizations in every industry are dangerously exposed. The costs of cybercrime continue to rise, with estimates of more than $6 trillion in damages globally per year by 2025.
Unfortunately, every indication is that the skills gap will continue to widen. Cybersecurity is one of the fastest-growing professions, with demand far outpacing supply even in normal economic conditions. With technological innovations like cloud computing, AI/ML, the Internet of Things, and more making cyber risks even more complex, qualified talent is hugely in demand.
Economic conditions worldwide have compounded the cybersecurity talent crunch. Forty-seven percent of cybersecurity professionals in the ISC2 study reported enduring hiring freezes, budget cuts, or layoffs this past year. This restricts training and increases workloads for the remaining staff. Building the deeper skills needed in areas like cloud security and Artificial Intelligence is extremely difficult in this environment.
Tony Goulding, Cybersecurity Evangelist at Delinea, discussed his thoughts on the widening skills gap with SecureWorld News:
"Cybersecurity has evolved quickly, especially with AI being a massive focus, causing it to rise on government and commercial agendas. Attracting and retaining such skills will come down to an investment in cybersecurity talent, competitive compensation, and long-term growth/career opportunities. Demand, good pay, and solid career opportunities in a discipline that's highly visible will always attract.
Organizations will likely need to hire skill sets they don't have. However, larger organizations should invest to grow their existing workforce in parallel to hiring new talent. Train internally and provide compelling career advancement. Identify your strongest talent and reskill those employees to nurture your in-house talent pool. Keep up with new and emerging tech to keep workers current with skills that are not yet widely available. Also, cultivate skills and potential future employees through internships.
Robust cybersecurity requires a variety of essential tools and resources. Many organizations will not have the IT budget to invest in them all, so they must be selective and critical to maximize risk reduction. With compromised identities (still) the dominant tactic, Privileged Access Management (PAM) should be a priority investment. The PAM journey should begin with privileged account vaulting as a SaaS for quick time to production, and maturing to incorporate workstation and server protection, MFA at depth, just-in-time elevation, and behavioral analytics to spot sophisticated indicators of compromise."
Government and industry leaders have been aware of the growing cybersecurity skills crisis for years, yet it continues unabated. Creative solutions like encouraging more diversity in the talent pipeline, investing in training for existing staff, and prioritizing recruitment are clearly needed.
With cybercriminals and state-sponsored hackers rapidly upping their game, the costs of inaction on the skills gap could be severe. Organizations and policymakers must make developing and sustaining a robust cybersecurity workforce a top priority worldwide.
Follow SecureWorld News for more stories related to cybersecurity.