author photo
By Cam Sivesind
Thu | Oct 20, 2022 | 12:28 PM PDT

A new study by (ISC)2 released October 20th estimates the current global cybersecurity workforce at 4.7 million people—the highest ever—but the real takeaway is the worldwide talent gap in the security industry of 3.4 million workers.

The 2022 (ISC)2 Cybersecurity Workforce Study is an update to the organization's first cybersecurity workforce estimate conducted in 2019. This proprietary methodology integrated a wide array of primary and secondary data sources to extrapolate the number of workers responsible for securing their organizations, according to the study summary.

Despite adding 464,000 workers over the past year, the gap in the security workforce has widened by more than 26%. The alarm bells are ringing for enterprises looking to combat increasing attacks from a growing cybercriminal network.

Nearly 70% of the InfoSec workforce say their organizations' cybersecurity teams are understaffed.

"The shortage is particularly severe in aerospace, government,
education, insurance and transportation," the study cites. "A cybersecurity workforce gap jeopardizes the most foundational functions of the profession like risk assessment, oversight and critical systems patching. More than half of employees at organizations with workforce shortages feel that staff deficits put their organization at a 'moderate' or 'extreme' risk of cyberattack. And that risk increases substantially when organizations have a significant staffing shortage."

Staff shortages and competition for competent, capable workers has increased even more since the pandemic, according to the study. 

"People are seeking out work cultures that fit their lifestyles the best, and this has led to increased turnover," the study reveals. "21% of respondents from North America have switched organizations in the last 12 months; this is up from 13% in the previous year."

The study also examines:

  • Job satisfaction
  • Top factors influencing employee experience
  • Flexible work options, including remote work (Pre-pandemic remote work was at 23%; post-pandemic levels are at 55%.)
  • Combatting burnout
  • The generational divide
  • Diversity, equity, and inclusion (Younger workers place a higher value on DEI initiatives.)
  • Career pathways
  • Career progression
  • Evolving certifications
  • Salaries (The median salary for North America cybersecurity workers is $134,800.)
  • Data breaches, war, and modern threats (Attacks often increase workload, particularly in the financial services, aerospace, government, and military industries.)
  • The future of cybersecurity work

As part of the study's conclusion, it offers hope and a warning:

"Our research suggests that the cybersecurity workforce is driven by a passion for what they do; and they have the best experience when they are able to chart their path and progression in the field. However, this experience is diluted when employees do not feel supported by the groups they work for. Individual employees need to be supported by their collective teams and organizations. Staff retention continues to be an issue, and although there is optimism about hiring/recruiting in the future, companies need to take more action to inspire loyalty and mitigate attrition. Showing employees that they are valued and listened to will improve their experience within the workplace (whether it’s remote or on-site)."