For the first time since (ISC)² started tracking cybersecurity workforce numbers in 2004, we have seen a decrease in the skills gap, from 4.07 million in 2019 to 3.12 million. According to the 2020 (ISC)² Cybersecurity Workforce Study , the workforce increased 25% from 2019 to a total of 3.5 million professionals worldwide.

The numbers reflect an increase in new entrants to the field – 700,000 of them – but that doesn’t tell the whole story. Another contributing factor is an apparent reduction in demand as a result of the COVID-19 pandemic, which has had significant economic impacts around the world. 

The pandemic has been the dominant story of 2020, and that is reflected in the findings of the Workforce Study. When the pandemic started early in the year, cybersecurity professionals in many cases were called upon to set up secure remote environments for their organizations’ staff, in some cases within one day.

Even so, security incidents stayed near baseline levels, according to the study’s findings. But cybersecurity professionals recognize that doesn’t mean they can rest on their laurels, as more than half of the study’s 3,790 respondents worldwide (56%) say cybersecurity staff shortages are creating risks for their organizations.

Pandemic Effects

Despite economic hardships caused by the global pandemic at a macro level, organizations with 500 to 1,000 employees expanded their cybersecurity teams over the past year. More than half of respondents say the pandemic did not affect their jobs but many knew other cybersecurity professionals whose jobs were affected. Nearly one-fifth (19%) say they took a cut in pay because of the pandemic and 17% of respondents had their hours reduced.

Overall, the theme for 2020 in cybersecurity teams was to make do with less – and, of course, as fast as possible. Perhaps inevitably, more than half of respondents expect that COVID-19-related revenue losses will negatively impact their organizations’ budgets for security technology and staffing in the coming year.

Worldwide, 30% of respondents say their organizations shifted to a remote workforce model in a single day, while an additional 47% had up to a week. The sudden shift put an unprecedented strain on cybersecurity professionals to move to and secure remote environments. After the initial network access transitions were made, more than one-fifth of respondents (22%) report that they had less than a day to then ensure that remote systems were secured. Only 16% say they had more than a week to do so.

Despite the inevitable roadblocks they encountered, 63% of respondents say their organizations were able to respond effectively to COVID-19, while an overwhelming majority (92%) say their organizations were at least somewhat prepared for the changes. Cybersecurity job satisfaction levels also increased in 2020.

Worker Profiles

As part of the study, respondents were asked about their experience in the field. Findings show the cybersecurity field consists of a mix of people of varied educational backgrounds and ages, working in a broad range of industries and organizations. A solid majority of respondents (72%) are male, and Millennials represent the field’s largest generational group.

It’s important to note that in addition to respondents who have a cybersecurity title, the study also includes respondents in IT positions who dedicate at least 25% of their time to cybersecurity tasks. This gives a more well-rounded and accurate depiction of who does the balance of security work on a daily basis. Most respondents (79%) hold at least a bachelor’s degree. The study also found that as a group, cybersecurity professionals are highly experienced people, averaging 11.5 years in an IT role and 6.5 years in cybersecurity. Worldwide, the average salary is $83,000 yearly but higher in North America ($112,000) and lowest in Latin America ($27,000).

How the cybersecurity field evolves in the coming year will likely have a strong correlation with the evolution of the pandemic. Whatever happens, the need for cybersecurity professionals remains high. Even though the skills gap has narrowed for now, 3.12 million still suggests there’s work to do to expand recruiting efforts.

Attend the (ISC)² Cybersecurity Workforce Study Webinar

For a deeper dive into the stories beyond the numbers, you can register here for an upcoming webinar titled “Digging Into the 2020 (ISC)² Cybersecurity Workforce Study,” which will air on December 9, 2020 at 1:00pm EST. This roundtable session brings together four (ISC)² panelists involved in creating this research to discuss some of the highlighted findings and trends in more detail. The session will also be included as part of the (ISC)² 2020 Security Congress agenda, taking place next week from November 16-18. Registration is still open at: https://securitycongress.brighttalk.live/passes