You might want to sit down for this one: The shortage of cybersecurity professionals around the globe has never been more acute. New research by (ISC)² places the estimate at just under 3 million – 2.93 million to be exact – with roughly 500,000 of those positions located in North America.

According to (ISC)²’s Cybersecurity Workforce Study , the gap is having a serious real-world impact around the globe. Asia-Pacific, with its growing economies and new privacy regulations, is experiencing the biggest shortage – 2.14 million positions. The massive worldwide shortage not only places organizations affected by the shortage at higher risk of cyber attack, but also affects job satisfaction of current cybersecurity staff.

(ISC)² polled 1,500 cybersecurity and IT professionals around the globe. Among other findings, the study disclosed that 63% of participating organizations are suffering through a shortage of IT staff dedicated to cybersecurity. In addition, nearly 60% or respondents said their companies are at moderate or extreme risk of cybersecurity attacks as a result of the shortage.

Fewer than a third of companies (28%) have what respondents consider the right amount of cybersecurity staffing. That could soon change, since almost half of organizations (48%) plan to hire more cybersecurity pros in the next year or so. Still, almost as many expect to see no change in cybersecurity staffing (39%) or even experience a reduction (5%).

Morale Problems

That the cybersecurity skills shortage places companies at risk is hardly surprising. What is perhaps less intuitive is the effect the gap has on the jobs that are filled. It’s clear from the findings that cybersecurity professionals are feeling the pressure created by inadequately staffed cybersecurity teams.

A lack of skilled and experienced cybersecurity personnel tops cybersecurity professionals’ list of job concerns (37%), outranking other concerns such as lack of resources (29%) and time (27%) to effectively do their jobs, and inadequate security budget (28%). Historically, according to the report, top concerns have been lack of adequate budget, time and work-life balance.

“The lack of skilled cybersecurity personnel is doing more than putting companies at risk; it’s affecting the job satisfaction of their existing staff,” the report says. This is a dangerous side effect that affects morale.

What About Budgets?

It’s no secret that budgets, cybersecurity and staffing are all related – the bigger the budget, the better the likelihood of filling positions with skilled candidates. The survey revealed that cybersecurity is a budget priority for companies, but perhaps not enough.

While 49% of respondents said cybersecurity is a budget priority, 60% said it should be a higher priority. In addition, more than half of organizations (55%) expect to boost their budgets in the next year but 70% of respondents said the increase will not be enough.

How companies allocate their budgets will affect how they address the skills gap. It’s important to fund recruitment, training and career development to create a professionally fulfilled cybersecurity team. Getting this right will help organizations do their part in closing the cybersecurity shortage.

Read the full Cybersecurity Workforce Study here.