In a report released today, the International Information System Security Certification Consortium, (ISC)², a nonprofit association of certified cybersecurity professionals, found a global cybersecurity workforce shortage of 2.93 million people as of August 2018.
Within that figure, North America came in second with a shortage of roughly 500,000 workers, trailing the Asia Pacific region which had a shortage of roughly 2.14 million. Rounding out the rankings were Europe, the Middle East, and Africa with a shortage of 142,000, and Latin America lacking 136,000 cybersecurity professionals.
The report’s authors say the results show a “widening of the global cybersecurity workforce gap.”
The cybersecurity shortage in the United States is nothing new, and both the Trump administration and Congress have launched initiatives and proposed legislation to close the gap between supply and demand. However, the report highlights the extreme importance of getting more qualified and trained cybersecurity professionals into the labor pool.
“According to the survey, 63 percent of [global] respondents report that their organizations have a shortage of IT staff dedicated to cybersecurity,” the report said. “And nearly 60 percent say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.”
Unsurprisingly, the report also found that the cyber workforce shortage is now the top job concern among cybersecurity professionals. Also topping the list of concerns were a lack of resources to do their jobs efficiently, and a lack of budget for key security initiatives.
But luckily, help is on the way for almost half of survey respondents. The research found that 48 percent of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months.
The report also delved into training opportunities and career progression in the cyber field. Cybersecurity professionals are highly interested in ongoing training and education, with 54 percent of global respondents either actively pursuing cybersecurity certifications or planning to do so within the next year. In terms of what they want training on, cyber experts said cloud computing security, penetration testing, threat intelligence analysis, and forensics are areas where they “need to develop most or improve on over the next two years in order to advance in their careers.”
For the survey (ISC)2 polled 1,452 cybersecurity professionals worldwide, including workers who may not have formal cybersecurity roles, but do have responsibility for securing critical assets each day and spend at least 25 percent of their time on security activities. To arrive at their end numbers, (ISC)2 took both a current and future-looking approach.
“Unlike legacy gap calculation models that simply subtract supply from demand, this calculation takes other critical factors into consideration, including the percentage of organizations with open positions and the estimated growth of companies of different sizes,” the report explained. “The calculation of demand includes the openings that are currently available, along with an estimation of future staffing needs. And the calculation of supply includes estimates for academic and non-academic entrants into the field, along with estimates of existing pros who are pivoting to cybersecurity specialties.”
The report further explained why this was the best approach.
“This more holistic approach to measuring the gap produces a more realistic representation of the security challenges–and opportunities–that both companies and cybersecurity pros are facing worldwide,” the report said.