The global Cybersecurity workforce gap shrank from 4 million to 3.1 million in 2020, the first time ever a year-on-year reduction has been recorded. According to data from the International Information System Security Certification Consortium – ICS, the gap also narrowed in the USA, where the figure fell from 498’000 to 359’000 open jobs. There were about 880’000 cyber professionals in active employment. Overall, the cybersecurity skills situation continues to deteriorate over the last four years. The number of years required for an individual to gain proficiency in cybersecurity is also a cause of the cybersecurity skills gap. On average, it takes 3-5 years to achieve cybersecurity competency. The effects of the cybersecurity skills gap include increased workloads, organizations’ inability to effectively use cybersecurity tools, and the inability to fill open positions with the right skills. No significant progress has been put to address the problem of the supply and demand of cybersecurity professionals.
Despite the recorded drop, the gap is still large and poses a significant threat to organizations in the face of increasing numbers of cyber-attacks and incidents. Up to 56% of 3’790 surveyed cybersecurity professionals globally have acknowledged that the staff shortages are likely to place their organizations at the risk of attacks even if cyber incidents were to remain at the baseline levels. Data from CyberSeek, an initiative that seeks to provide data to measure supply and demand in the cyber job market, indicates that the skills gap is actually widening rather than shrinking. A comparison reveals that there were 508’000 unfilled positions and 922’720 employed professionals in October 2019 against 521’617 unfilled positions and 941’904 employed professionals in September 2020.
Cybersecurity professionals lack a well-defined career path, and it has been a factor that contributes to the ever-growing skills gap. Cybersecurity as a profession requires hands-on experience for those joining the industry, which is in itself a significant handicap. Qualifying for these jobs requires that workers must have had a cybersecurity job to gain the necessary experience. New cybersecurity talent had a big mountain to climb before succeeding in the industry.
ICS’s methodology in arriving at the cyber skills gap is different in that the gap is described as the difference between the number of skilled professionals that organizations need to protect their critical assets and the actual capacity available to take on this work.
Many industry groups agree with the conclusions arrived at by ICS in that the skills gap poses a big risk for organizations’ security. CyberSeek adds that the lack of available cybersecurity professionals is approaching hazardous levels, which will have devastating effects on digital privacy and critical infrastructure. The ISC survey further revealed that 12 percent of respondents said that the severe shortage of cyber manpower left their organizations at extreme risk; 40 percent said their organizations were at moderate risk. Another 20 percent reported that their organization had a significant shortage of cybersecurity help. In contrast, another 40 percent reported little need for cybersecurity professionals.
The reduced skills gap in 2020 has been attributed to reduced average headcount demand in the various segments, which has led to reduced investment in hiring cyber professionals. The global market for cyber professionals has decreased by about 5% from 2019. There has been a sharp decline in the USA businesses’ total number – including small and medium sized companies – hiring and investing in cybersecurity professionals. The large enterprises have made slightly more investments in cybersecurity professionals than in 2019, but the levels are still comparatively lower. Overall, the headcount demand has reduced by 5 percent from 2019 and has been attributed to the impact of the COVID-19 pandemic on staffing budgets and businesses.
Next, the estimated supply of available talent recorded a year on year increase of 25 percent. It is estimated that 3.5 million individuals are working in the cybersecurity field. Cybersecurity positions take about 21 percent longer to fill compared to other jobs in the I.T. field. According to ISC, the increase, which translates to about 700’000 more professionals, is attributed to businesses increasingly investing in their cyber professionals’ teams and an uptick in industry growth. Further data findings reveal that employment in the cybersecurity field needs to grow by about 89 percent globally and 41 percent in the U.S. to fill the existing talent gap. The talent gap remains a big concern for cyber professionals in the face of increasing cyber-attacks and incidents.
The increase in the supply of cybersecurity professionals has been good news to the industry in the last year. It is hoped that it becomes a turning point for an industry that has not previously attracted new talent. Another phenomenon happening in the cybersecurity industry is the conversion of staff from other departments and updating their skills to fit cybersecurity positions. The freezing of spending by organizations led to reduced personnel budgets being cut and decreasing the demand for cybersecurity professionals. From the beginning of 2020, the pandemic has led to a decrease in the market. It is hoped that, with the onset of the New Year, there will be better prospects for the industry as businesses reprioritize their cybersecurity needs.
Organizations need to strategize and realign their cybersecurity needs so that they are addressed holistically. Some businesses focus their investments on technology alone instead of investing in the training and up-skilling of their security professionals to better protect their networks and data. The cybersecurity strategy should support the business/organization’s strategy in goals such as revenue creation.
Follow on LinkedIn: Alessandro Civati
The post Cyber Skills Gap, is it a lack of talent problem? appeared first on .