The global cybersecurity workforce shortage has decreased for the second consecutive year, from 3.12 million down to 2.72 million professionals, finds a new study by (ISC)².
(ISC)², the world's largest nonprofit association of certified cybersecurity professionals, revealed these figures with the release of its 2021 (ISC)² Cybersecurity Workforce Study.
The study shows updated figures for both the Cybersecurity Workforce Estimate and the Cybersecurity Workforce Gap in 2021, provides insights into the makeup of the profession and explores the challenges and opportunities that exist for professionals and hiring organisations.
A huge gap in the workforce
The study showed two significant contributing factors to this year's workforce gap estimate. The first is that 700,000 new entrants have joined the field since 2020, contributing to a sharp increase in the available supply, now up to 4.19 million people. The second is that the workforce gap for every region other than Asia-Pacific increased.
Data suggests that slower economic recovery from the pandemic and its impact on small businesses and critical sectors like IT services (a major cybersecurity employer in the region) is contributing to the relative softness in demand for cybersecurity professionals compared to North America, Europe and Latin America. However, Asia-Pacific still has the largest regional workforce gap of 1.42 million.
"Any increase in the global supply of cybersecurity professionals is encouraging, but let's be realistic about what we still need and the urgency of the task before us," said Clar Rosso, CEO, (ISC)². "The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development and embrace remote work as an opportunity. And perhaps most importantly, organisations must adopt meaningful diversity, equity and inclusion practices to meet employee expectations and close the gap."
Lacking skills and expecting too much of staff
The study uncovered avoidable consequences that occur when cybersecurity staff are stretched too thin. Participants said they experienced misconfigured systems (32%); not enough time for proper risk assessment and management (30%); slowly patched critical systems (29%); and rushed deployments (27%).
Participants also offered opinions on what specialised skills and roles their teams lack, aligned with the roles outlined in the U.S. government's National Initiative for Cybersecurity Education (NICE) Framework. They cited categories such as Securely Provision (48%); Analyze (47%); and Protect and Defend (47%) as the top areas of need, but the data also shows a strong need for help across all roles.
Remote working has drastically impacted security and the workforce
The percentage of cybersecurity professionals working remotely in some capacity due to the pandemic remains unchanged at 85%; however, 37% report they must now come to the office at times, compared to 31% in 2020. In addition to the advantages of remote work as a public health measure, organisations cited improved workplace flexibility (53%); accelerated innovation and digital transformation efforts (37%); and stronger collaboration (34%) as some of the ways the pandemic has changed their organisations for the better.
Security challenges arising from remote workforces included rapid deployment of new collaboration tools (31%); lack of security awareness among remote workers (30%); and rising concern for the physical security of distributed assets (29%).