Blog
(ISC)2 Cybersecurity Workforce Study: Skills Gap Narrows But More Help Is Needed
The global cybersecurity skills gap narrowed over the past year, from 3.1 million to 2.7 million people, and job satisfaction got a substantial boost, according to the newly-published 2021 (ISC)2 Cybersecurity Workforce Study .
The narrower skills gap reflects an increase in people joining the field, the study found. “For 2021, our study estimates there are 4.19 million cybersecurity professionals worldwide, which is an increase of more than 700,000 compared to last year.” However, the gap in Asia-Pacific (APAC) was reduced by 500,000 this year, overshadowing the increased deficits in all other regions where the gap has actually increased.
Roughly one-third of the survey respondents indicated that a shortage in cybersecurity team members has led to real world impacts, including misconfigured systems, not enough time for risk assessment and management, rushed deployments, and slowly patched critical systems.
Participants also offered opinions on what specialized skills and roles their teams lack, aligned with the roles outlined in the U.S. government’s National Initiative for Cybersecurity Education (NICE ) Framework. They cited categories such as Securely Provision (48%); Analyze (47%); and Protect and Defend (47%) as the top areas of need, but the data also shows a strong need for help across all roles.
Asked how they would improve their security posture if their organization’s personnel needs were fully met, cybersecurity professionals clearly indicated they would make even greater investments in people in areas like training and certifications (50%), professional development (46%), and automation solutions to make their tasks easier (48%). Additionally, 49% of respondents would invest in security awareness training for everyone in the organization. But contrary to popular belief, respondents also indicated that these investments don’t come at the expense of technology investments. Even as their teams grow, they anticipate the need for continued technology and services investment to ensure they have the tools and support necessary to do their jobs and effectively strengthen their security posture.
Silver Linings
This year’s Workforce Study polled 4,753 cybersecurity professionals in North America, Europe, Latin America (LATAM) and Asia-Pacific (APAC). While much work needs to be done to recruit and retain more cybersecurity staff to the tune of a 65% increase, the findings provide several reasons to feel good about the state of the industry.
For one, cybersecurity professionals have weathered the pandemic well, even experiencing a boost in morale overall. Job satisfaction numbers are the highest ever reported, with 77% of respondents saying they are satisfied or extremely satisfied with their jobs. That’s a significant boost from 66% in 2019.
Satisfaction levels are highest among younger professionals – 79% among Millennials – and only slightly lower among Generation Xers (76%) and Baby Boomers (75%).
New Pathways
The study also found pathways outside of IT are becoming more common. “While an IT background remains the single most common route taken (47% of participants), that is giving way to a variety of entry points. Slightly more than half of cybersecurity professionals got their start outside of IT — 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education and 15% explored cybersecurity concepts on their own.”
This portends well for the future of the field, indicating that the message from (ISC)2 and others in the industry about embracing jobseekers with various skillsets and career backgrounds is starting to get through.
However, there is still a need for diversity in the industry, which remains male-dominated. “Among study participants, the field also continues to be predominantly male (76%) and Caucasian (72%) in North America and the U.K.”
Even though the skills gap has narrowed, the study calculates that the global cybersecurity workforce still needs to increase by 65% to effectively protect organizations against cyber threats. Getting there will require attracting more people with diverse backgrounds and work experience.
The study makes a strong case for stepping up diversity equity and inclusion (DEI) efforts by, among other measures, promoting women and members of other under-represented groups to leadership roles. Study participants also said diversity can increase through mentorship programs, flexible workplace conditions, eliminating pay and promotion gaps and establishing diversity goals for organizations.
The New Remote Work Reality
The percentage of cybersecurity professionals working remotely in some capacity due to the pandemic remains unchanged at 85%; however, 37% report they must now come to the office at times compared to 31% in 2020. In addition to the advantages of remote work as a public health measure, organizations cited improved workplace flexibility (53%); accelerated innovation and digital transformation efforts (37%); and stronger collaboration (34%) as some of the ways the pandemic has changed their organizations for the better.
For more insights into topics such as cybersecurity salaries, top skills development priorities, and planned investments in people and technology, and to read recommended strategies from (ISC)2 for closing the gap, please download the full study at: https://www.isc2.org/Research/Workforce-Study