The Cyber Skills Gap Is Still Not Getting Better

The global cyber security workforce gap, which is the difference between the number of jobs in cyber security and the number of people with the skills to fill those jobs, is stuck at around four million. This is despite the workforce growing to 5.5 million professionals overall. This is a 12.6% increase compared to 2022, according to the 2023 Cybersecurity Workforce Study from ISC2.

While the total worldwide cyber security workforce grew 8.7%, the study by ISC2 clearly shows that the industry needs millions more qualified workers to defend against constantly increasing cyber security threats.

More than nine in ten (92%) of professionals surveyed revealed they had skills gaps in their organisation, with 67% reporting having a shortage of cyber security staff needed to prevent and troubleshoot security issues. This shortfall comes despite an 8.7% increase in the global cyber security workforce compared with 2022, reaching 5.5 million professionals.

Workforce Reductions

The cyber skills gap has been made worse by significant cutbacks to cybersecurity operations resulting from the global economic downturn. The cyber security profession is reliant on a continued flow of fresh talent, driven by its constant evolution.

Rapidly emerging threats have the potential to cripple even the largest organisations. Hackers are always looking for new ways to penetrate networks and steal data. Consequently, there is an apparently insatiable demand for cyber security professionals who can keep up with the pace of change.

  • Nearly half (47%) of respondents said they had experienced cyber-related cutbacks in the past year, including layoffs, budget cuts and hiring or promotion freezes. Of this group, 22% were impacted by layoffs, both first- and second-hand, within cyber security. 
  • An additional 28% of cyber professionals reported redundancies elsewhere in their organisations, which has had a significant impact on security teams.
  • More than a third (35%) of respondents in organisations that had implemented workforce reductions have seen cyber security training programs eliminated.
  • Almost three-quarters (71%) of this group reported a negative impact on their workload as a result of organisational cutbacks, while 57% felt their threat response was inhibited. 

Despite the attritional nature of the work, job satisfaction remains high with 70% reporting being somewhat or very satisfied in their jobs today. This represents a slight fall from 74% in 2022.

Insider Threats Are Increasing

Over half (52%) of respondents reported an increase in insider risk-related incidents, and half had either personal or second-hand contact with a malicious insider in the past year. Of those who have had this kind of contact, 39% said they or someone they know has been approached to become a malicious insider at their organisation. Meanwhile, 33% have been targeted at home or at work because of their professional role.

This rise in insider threats is linked to the economic environment, with 71% of respondents agreeing that times of economic uncertainty increase the risk of malicious insiders.

Lack Of AI Skills 

The Workforce Study also found that 47% of respondents admitted they have little knowledge of Artificial Intelligence (AI), and just 16% said they have significant knowledge in this area. AI and machine learning (32%) was behind only cloud security (35%) for the area which had the most gaps in knowledge in security teams. In third was zero trust implementation (29%).

Risks associated with AI and emerging technologies are one of the biggest challenges facing cyber security professionals over the next two years (45%), followed by worker/skill shortages (43%) and keeping up with changing regulatory requirements (38%).

Encouragingly, 52% of cyber professionals said their organisations are governing the use of AI internally, expanding their management of AI or planning to formally manage AI use within the next 12 months.
Participants also listed advancements in AI as the third most positive impact on their ability to secure their organisation, behind zero trust (34%) and automation (40%).

Improvements In Diversity

Increased diversity in the cyber security workforce was one of the significant findings, with 66% of newcomers to the cybersecurity profession within the US, Canada, Ireland and the UK in the past 12 months being non-white. Another finding was that security teams are increasingly embracing diversity, equity and inclusion (DEI) initiatives, with 69% stating that an inclusive environment is essential for their team to be able to succeed.

Organisations adopting skills-based hiring have had an impact, with an average of 25.5% women in their workforce compared to 22.2% among those who haven't embraced this initiative.

Conclusion

Despite overall growth in the number of skilled professionals, the cyber security skills gap is more pressing than ever. Cyber security is vital to the continued development of the digital world, with the security of users' most sensitive and confidential information dependent on the availability of their special skills.
