As cybersecurity talent continues to thin relative to demand and artificial intelligence adoption surges, organizations are being left exposed to security risks amid slowing global workforce growth, according to a new report on the cybersecurity workforce released Thursday.
The 2024 ISC2 Cybersecurity Workforce Study, published Oct. 31, finds that 58 percent of cyber professional respondents believe a lack of cybersecurity talent has significantly impacted their ability to pursue better security, leaving their organizations at significant risk.
The introduction of generative AI technologies, however, holds promise to fill in for some of the talent gaps, but also comes with data privacy and security concerns.
“Despite the growing need for cyber professionals, global workforce growth has slowed for the first time since ISC2 began estimating the workforce size six years ago,” reads the report. “After two years of declining investment in hiring and professional development opportunities, organizations now face significant skills and staffing shortages, and they are signaling more strongly than ever that their organizations face greater risks.”
Generative AI is commonly utilized by cybersecurity teams to augment operational tasks, assist with report writing, and simplify threat detection and incident reporting. Many cybersecurity teams have viewed AI as a way to “ultimately improve the work force” and its operational efficiency, and the report says that respondents ranked AI – alongside automation – as one of “two technologies that will have the greatest impact on their ability to secure their organization.”
AI is ranked only second to quantum computing in top security concerns, the report says, with the majority of respondents – 67 percent – agreeing that it also poses a significant threat.
“[Sixty-four percent] of respondent organizations have implemented Gen AI in other departments, causing more work for cyber professionals,” said ISC, noting that expanding organizational use of AI beyond cybersecurity departments has raised risk concerns. “Over half have already faced data privacy and security concerns due to organizational adoption of Gen AI,” the report says.
Lack of a clear organizational strategy for generative AI integration was cited as a challenge by nearly half of respondents, with ISC2 saying that a clear strategy is crucial for organizations to leverage Gen AI’s benefits in cybersecurity while managing its risks.
Despite the risks of AI, the technology also is likely to benefit and change the way that professionals view their skill shortages and train for jobs in cybersecurity, the report finds, as AI may replace technical skills – encouraging 73 percent of professionals to build cybersecurity skill sets.
“No one is certain how AI will manifest in cybersecurity since they currently cannot predict what skills, if any, it will replace,” the report says. “As a result of this uncertainty, hiring managers aren’t rushing to hire more specialized workers. Instead, they are prioritizing nontechnical skills, like problem-solving, that will be transferable through the increased use of AI.”
Other future-proof skills that hiring managers cited as being important include communication and teamwork, in addition to curiosity and the willingness to learn.
