Cybersecurity is a significant issue around the world as individuals, businesses, and even governments are more vulnerable than ever to data breaches, ransomware attacks, and other attacks from cybercriminals. Those who commit cyber-attacks have become more sophisticated, making it difficult for businesses and organizations to protect themselves without the help of a cybersecurity professional.
In response to the need for cybersecurity professionals to protect against threats, the global cybersecurity workforce is bigger than it has ever been at around 4.7 million people. However, according to a report by Cybersecurity Ventures, there will be an estimated 3.5 million cybersecurity jobs open worldwide by 2025. There is a sizeable skills gap between the amount of cybersecurity professionals currently working around the globe and the number of cybersecurity professionals needed in the workforce to be successful in protecting against cyber-attacks.
In this guide, we will examine the global cybersecurity skills gap, including how the skills gap became so large and what is being done to close the gap. If your business or institution could benefit from the help of cybersecurity professionals, contact PSM Partners.
Cybersecurity Skills Gap by the Numbers
As mentioned above, the estimated global cybersecurity workforce in 2022 is 4.7 million. This is an 11% increase from 2021, which equates to about 464,000 more jobs worldwide. According to an analysis of the cybersecurity workforce by (ISC)2, the skills gap grew twice as fast with a 26.2% year-over-year increase. To put it simply, the demand for more cybersecurity professionals is growing twice as fast as the workforce itself, causing major shortages.
Skills Gap Effect on Cybersecurity Professionals
While the ramifications of the global cybersecurity skill gap are felt across industries, no one is impacted more than cybersecurity workers themselves. The skill gap makes it difficult for cybersecurity workers to handle foundational functions like risk assessment, critical systems patching, and oversight. Approximately 70% of cybersecurity professionals believe that their staff does not have enough people to be effective which increases the risk of cybersecurity attacks.
In a survey conducted by (ISC)2, cybersecurity staff reported the following issues made worse by the workforce gap:
- Less time for proper risk assessment and management
- Misconfigured systems
- Slow to patch critical systems
- Oversights in process and procedure
- Not enough time or resources to train cybersecurity staff
What is Causing the Cybersecurity Workforce Gap?
The main cause of the growing cybersecurity workforce gap is that the demand for cybersecurity professionals is growing much faster than cybersecurity jobs are being created. This is somewhat inevitable as the threat of cyberattacks grows and the attacks become more sophisticated. Cybersecurity professionals are having difficulty keeping up with a naturally growing demand that is largely out of their control.
However, some issues that are having a major impact on the cybersecurity workforce gap can be controlled by organizations. These issues include not prioritizing cybersecurity, not adequately training cybersecurity staff, and limited opportunities for growth or promotion. This causes extra stress for cybersecurity professionals which leads to high turnover in the profession. In fact, a report by the Ponemon Institute found that around 65% of cybersecurity professionals plan on leaving the profession for a new career. The top reasons for this include lack of a clear career path, limited support to develop their skills, lack of social recognition, burnout, and dissatisfaction with salaries.
Multiple reports have found that burnout is one of the top reasons that cybersecurity professionals want to find a new career. In a report on chief information security officers (CISOs) by Nominet Cyber Security, it was found that the average tenure of a CISO is only between 18 and 24 months, citing stress on the job as the main reason for CISOs leaving their position. According to data from Tessian, work demands have caused 42% of CISOs to miss major holidays, 44% to miss doctor appointments, and 40% to miss family vacations in the previous year. CISOs also tend to work at least 11 hours more than they are contracted per week and a quarter of CISOs have taken no time off in the previous year.
Burnout affects more than CISOs, it affects all workers in the tech industry. A high demand for skilled cybersecurity professionals along with a small talent pool puts enormous stress on current tech professionals at all levels. In order to help close the workforce gap, businesses need to make it their priority to help relieve the stress and prevent burnout of their tech professionals.
How to Close the Cybersecurity Workforce Gap
There is no question that the cybersecurity workforce gap is a global issue that requires action. Based on our discussion above, this requires action on two fronts: at the organizational level and the global industry level.
How Organizations can Close the Skills Gap
There are many things that organizations can do to increase their cybersecurity staff and ensure that they have the time and the resources to do their jobs effectively to reduce turnover. The following are some of the main ways organizations are mitigating cybersecurity staff shortages:
- Flexible working conditions: Many cybersecurity tasks can be done remotely with an internet connection. Organizations should offer work from home flexibility for their employees.
- Invest in training: Investing in more training for your cybersecurity staff will reduce the strain on your workers and help prevent burnout.
- Recruiting and hiring new staff: Organizations that put more effort into recruiting, hiring, and onboarding new staff can narrow the gap.
- Invest in certifications: It is important for cybersecurity staff to be certified in what they do and up to date on the latest in the field.
- Invest in diversity, equity, and inclusion: The pool of available tech talent is very diverse. By investing in diversity, equity, and inclusion initiatives, businesses can make their tech positions more attractive to skilled tech workers from all walks of life and increase their number of potential candidates.
- Use automation technology: Automating certain tasks using tools that are available will give cybersecurity staff more time to deal with issues that require a hands-on approach.
- Mentorship programs and internships: Community mentorship programs for schools and universities can help encourage more young people to pursue STEM careers and attract them into the cybersecurity field. Businesses can also offer internships to STEM students to help them get their foot in the door of the tech industry and learn valuable skills on the job from experienced professionals.
- Use outsourced cybersecurity services: Organizations do have the option of working with IT firms that specialize in cybersecurity services such as PSM instead of hiring and training internal staff.
- Hire from non-cybersecurity backgrounds: Candidates with a good attitude and work ethic can be trained to learn the technical skills of cybersecurity. Organizations can also encourage current employees to consider a switch to cybersecurity.
- Hire from outside geographical area: Many cybersecurity tasks can be done remotely which gives you the option of looking for staff outside your geographical area. This will greatly widen your pool of candidates.
- Address pay and promotion gaps: The studies discussed above have shown that pay and opportunities for growth and promotion are important to those within the field. Make sure you eliminate pay gaps and provide opportunities for promotion.
- Rotational job assignments: Rotating cybersecurity roles will give your staff more variety in their day-to-day tasks.
Closing the Cybersecurity Skill Gap on a Global Level
As mentioned above, the cybersecurity skill gap is a global problem. To combat the skill gap, Microsoft launched a national skilling campaign in the U.S. to help close the gap and they are expanding this campaign to 23 other countries around the world. The main goals of this campaign are to provide the career pathways and resources needed to educate and attract people to the profession and increase diversity in the workforce.
The cybersecurity skills campaign from Microsoft consists of the following elements:
- Understand the skill gap: First, Microsoft needs to fully understand the cybersecurity skill gap so they can come up with effective solutions. To do this, they partnered with the Organization for Economic Cooperation and Development (OECD) to study the skill gap in the targeted countries and look for opportunities to increase the growth of cybersecurity professionals through postsecondary education and training. This data will be made available to the public so it can guide the decision making of policymakers and businesses.
- Increase training opportunities: Microsoft is increasing training opportunities to give those interested in IT and cybersecurity careers a pathway to the profession. They are doing this by offering free training through their LinkedIn Learning platform and free security courses through their Microsoft Learn platform.
- Resources for higher education: Microsoft is partnering with educational institutions to provide access to free curriculum, educator training, and tools for teaching including courses such as Microsoft Azure Security Technologies certification and Microsoft Security, Compliance, and Identity Fundamentals. This initiative also includes providing faculty for higher education institutions and additional resources like free practice and certification exams.
- Promote diversity: Excluding women and minorities from the workforce greatly limits candidate pools and deprives organizations of existing talent. Microsoft is partnering with Ecole 42, a global computer science training program with no tuition to help educate more people around the world. They are also partnering with Women in Cybersecurity, a non-profit that helps recruit, retain, and advance women in cybersecurity.
- No one size fits all: There is no single solution that can be applied to every country and Microsoft understand this. Instead, they are working with local educational institutions, non-profits, businesses, and governments to form solutions that address the specific skills gap in each country and work within the needs of their domestic market.
Cybersecurity from PSM
The need for effective cybersecurity will continue to grow as cyberattacks become more common and sophisticated. It is crucial for the cybersecurity workforce skills gap to be closed to meet the demand and help keep businesses, institutions, and governments around the world protected from cybercriminals.
If your business or organization is having difficulty managing your cybersecurity in-house, reach out to our IT professionals at PSM. We offer complete cybersecurity services including management and consulting to help you keep your business protected. Our experienced professionals will audit your current cybersecurity strategy to find and address weaknesses and implement new strategies that improve the security of your IT infrastructure.
You can get in touch with PSM by calling (312) 940-7830 to learn more.