The cybersecurity workforce gap has fallen for the first time since 2004, according to a new report. The global cyber shortage now stands at 3.1 million workers, down from more than four million in 2019, according to new research by non-profit The International Information System Security Certification Consortium (ISC)².
This softening demand is accounted for in part by an influx of new talent, but it is also symptomatic of an uncertain economic climate, in which firms are more reluctant to invest: cybersecurity is often seen as a cost centre in straitened times.
The report found that global business investment in cybersecurity has contracted 5% from 2019 levels. The trend is particularly pronounced in the US, where small and medium businesses have slashed budgets. But even among larger enterprises where slightly more are investing, hiring levels are lower than last year.
This is supported by the finding that planned investment in cybersecurity personnel is only in line with previous years, despite the headwinds from the pandemic, reflecting a broader slowdown in hiring during the second and third quarters, according to (ISC)² CEO Clar Rosso.
“Globally organisations were contracting. They either had frozen positions, they had eliminated positions, [or] they were reducing spending,” Rosso said. “So this hardened up organisations’ hiring plans.”
But, dependency on cybersecurity has increased dramatically, which will mean hiring in the sector will pick up in the months to come, Rosso adds.
“Cyber problems have significantly increased,” she says. “So as organisations reflect on where they need to do hiring — and that’s typically what you do after you’ve frozen hiring is think where’s my essential hiring — I would expect that they will be looking at roles in the cybersecurity space.”
This could inflate the workforce gap again, despite the addition of 700,000 cyber professionals over the past year.
The pressures on the sector are already acute. At current levels, the global supply of cybersecurity professionals still needs to grow by a staggering 89% to fill the talent gap. The shortage is particularly notable in the Asia Pacific region, where there is an estimated shortfall of more than two million jobs.
The US, Brazil and Mexico have the largest cyber workforces, and all saw significant growth in the past year. They also rank within the top five countries for cyber shortages as a proportion of the overall workforce.
A sizable 64% of respondents to (ISC)²’s survey flagged shortages at their organisation and although more than half said their own job has been unaffected, almost 25% said that either they or a peer had been laid-off as a result of the pandemic. Around one in five of those surveyed by (ISC)² reported that their own or a colleague’s pay or hours had been cut.
The dearth of talent comes despite a surge in cyber threats over the past six months. The UK’s National Cyber Security Centre (NCSC) recently reported a record 20% increase in cyber incidents over the year to August 2020. So, it is unsurprising, though concerning, that 56% of cyber professionals see their organisations as being at risk because of short staffing.
For CIOs looking to address shortages in their organisation, Rosso recommends investing in talent from non-cyber backgrounds and upskilling existing employees.
“I think the bias would be, let me go hire ready-made cybersecurity professionals… [but] that may not necessarily be the path forward,” she says. “Look for other kinds of professionals in tangential industries or careers that might have the right kinds of core skill sets or core competencies that would play out well in cybersecurity.”
One draw for more talent is rising salaries. The average global cyber salary stands at $83,000 a year, up 20% on 2019. Rosso says that the increase is driven by changing attitudes to cyber.
“For decades, anything technology related used to be thought of as kind of backroom functionality,” she says. “[But] people’s awareness of the importance and the value of a cybersecurity function within their business has just increased massively in the past couple of years, and that in and of itself is actually driving salary increases.”
That is especially true in the current climate, adds Rosso. “[Business leaders] are highly aware of the risks because, despite the fact that the globe, at a snap of the fingers, turned to fully remote work overnight, the level of angst within organisations was extremely high,” she says.
What’s more, at a time when many jobs are in jeopardy, cybersecurity is a growing sector because it is insulated against the threat of automation.
“Cybersecurity is a really compelling career because, despite the shrinkage of the workforce gap this year, we’re not looking at automation reducing the need for cybersecurity jobs, it’s actually increasing the need,” says Rosso.