For the first time, the skills gap in the cybersecurity industry around the world is decreasing. However, despite the narrowing gap, cybersecurity staff shortages are still putting many organizations at risk. These are some of the key findings of a study conducted by (ISC)², an international not-for-profit membership association for information security leaders.
Cybersecurity Workforce is Growing
The (ISC)²’s Cybersecurity Workforce Study is an annual global survey that assesses the size of the global cybersecurity workforce and the industry’s skills gap. The aim of the study is to better understand the barriers organizations face and to uncover solutions for addressing the global talent shortage. The margin of error for the global descriptive statistics in the Cybersecurity Workforce Study is plus or minus 1.6% at a 95% confidence level.
In total 3,790 professionals, all of whom dedicate at least 25% of their time to cybersecurity tasks, answered an extensive list of questions. The study includes organizations of all sizes, as well as government agencies and educational institutions in 14 geographic regions, including the US, the UK, Canada, Germany, France, Australia, Singapore, Brazil, Mexico, Japan and South Korea.
79% of the respondents has at least a bachelor’s degree, while a little more than one third of them obtained a master’s degree or higher. Remarkably, just 49% of the respondents actually hold a degree in computer or information sciences. Also not to be overlooked, is that 8% of people in the field only have a high school diploma. This illustrates that a university degree is not the only successful pathway into the cybersecurity industry.
The study further reveals that the cybersecurity profession is growing, as it has been doing year after year for some years. Compared to last year’s workforce estimate, the industry added no less than 700,000 professionals (+25%) and increased to 3.5 million people currently working in the cybersecurity workforce worldwide.
Narrowing Skills Gap
For the first time ever, the skills gap decreased. The shortfall in skills dropped from 4.07 million last year to 3.12 million in 2020. Gap estimates, however, vary significantly between regions. The shortage seems to be most acute in the Asia-Pacific region, where more than 2 million cybersecurity professionals are needed. Latin America requires an additional 527,000, the US 376,000 and Europe 168,000.
While the narrowing skills gap seems promising at first glance, the (ISC)² warns that a major driver for this trend is the decreased demand due to the pandemic. Companies, especially small and medium-sized organizations, are investing less in cybersecurity professionals compared to 2019. Large enterprises, on the other hand, are investing slightly more, but their actual hiring investment levels are lower.
Women continue to be under-represented. Latin America scores best. In this region, 40% of the cybersecurity professionals who participated in the study are female. North America, on the other hand, has the lowest percentage of women working in the cybersecurity industry at just 21%. The results in Europe and Asia-Pacific fall in the range of 23% and 30%.
Businesses Still at Risk
Despite the workforce growth and the narrowing skills gap, 56% of the respondents fear that shortages in cybersecurity staff are still putting their organizations at risk. The study data suggests that employment in the field now needs to grow by approximately 41% in the US and 89% worldwide in order to adequately fill the talent gap.
“That growth is achievable”, according to the (ISC)², “But it will require organizations to cultivate new professionals by looking beyond the current population of cybersecurity professionals […], along with supporting their requirement for continuous learning and professional growth.”
Currently, the most in-demand skill set is cloud computing security. 40% of the respondents indicate that they plan to further develop this skill over the next two years. Other top skills that most in the field have on their two-year horizon include risk assessment, analysis and management; and security analysis (both at 28%); as well as governance, risk management and compliance; and threat intelligence analysis (both at 26%). Data management protection and penetration testing are slightly lower on the list (at 22%).
Workforce Study Webinar in December
For a deeper look beyond the numbers and to further explore some of the key themes, professionals can register for an upcoming webinar titled “Digging Into the 2020 (ISC)² Cybersecurity Workforce Study”. The webinar will air on December 9, 2020 at 1:00pm EST. The (ISC)² 2020 Security Congress agenda also includes this session. This virtual congress takes place next week, from November 16-18, 2020.