Editorial

New entrants ease cyber skills workforce gap

The cyber skills gap has shrunk – but it’s still not enough as demand continues to outpace the supply of talent, shows new (ISC)² report

Posted 27 October 2021 by Christine Horton

The cyber skills workforce gap has shrunk, according to new research.

The 2021(ISC)2 Cybersecurity Workforce Study reveals a decrease in the global workforce shortage for the second consecutive year, from 3.12 million down to 2.72 million cybersecurity professionals.

The cybersecurity professional association points to two reasons for this year’s workforce gap estimate. The first is that 700,000 new entrants joined the field since 2020, contributing to a sharp increase in the available supply, now up to 4.19 million people. The second is that the workforce gap for every region other than Asia-Pacific increased.

However, even with 700,000 new entrants, demand continues to outpace the supply of talent. The report notes that the global cybersecurity workforce needs to grow 65 percent to effectively defend organisations’ critical assets.

“Any increase in the global supply of cybersecurity professionals is encouraging, but let’s be realistic about what we still need and the urgency of the task before us,” said Clar Rosso, CEO, (ISC)².

“The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development and embrace remote work as an opportunity. And perhaps most importantly, organisations must adopt meaningful diversity, equity and inclusion practices to meet employee expectations and close the gap.”

If you liked this content…

How organisations overcome their gap

The research examines how organisations are overcoming their own workforce gaps. Study participants shared their planned talent and technology investments, including:

  • More training (36 percent); providing more flexible working conditions (33 percent); and investing in diversity, equity and inclusion (DEI) initiatives (29 percent)
  • Using cloud service providers (38 percent); deploying intelligence and automation for manual tasks (37 percent); and involving cybersecurity staff earlier in third-party relationships (32 percent)

The study uncovered the avoidable consequences that occur when cybersecurity staff is stretched too thin. Participants said they experienced misconfigured systems (32 percent); not enough time for proper risk assessment and management (30 percent); slowly patched critical systems (29 percent); and rushed deployments (27 percent).

Lasting pandemic impact

The percentage of cybersecurity professionals working remotely in some capacity due to the pandemic remains unchanged at 85 percent. However, 37 percent report they must now come to the office at times compared to 31 percent in 2020. In addition to the advantages of remote work as a public health measure, organisations cited improved workplace flexibility (53 percent); accelerated innovation and digital transformation efforts (37 percent); and stronger collaboration (34 percent) as some of the ways the pandemic has changed their organisations for the better.

Security challenges arising from remote workforces included rapid deployment of new collaboration tools (31 percent); lack of security awareness among remote workers (30 percent); and rising concern for the physical security of distributed assets (29 percent). 

Additional highlighted findings include:

  • Cybersecurity professionals have consistently expressed very high levels of job satisfaction over the last four years—a record 77 percent of respondents reported they are satisfied or extremely satisfied with their jobs.
  • More cybersecurity professionals are getting their start outside of IT— 17 percent transitioned from unrelated career fields, 15 percent gained access through cybersecurity education and 15 percent explored cybersecurity concepts independently. Alternate points of entry are more common for women than men. Only 38 percent of female participants started their careers in IT compared to 50 percent of male participants.
  • The average salary of a cybersecurity professional before taxes is US $90,900. This is up from US $83,000 among respondents in 2020. Salaries of certified cybersecurity professionals are U.S. $33,000 higher than those with no certifications.
  • Cloud computing security is once again the top priority for cybersecurity professionals’ skills development in the next two years.
Event Logo

If you are interested in this article, why not register to attend our Think Digital Government conference, where digital leaders tackle the most pressing issues facing government today.


Register Now

Liked this article?

Subscribe to our newsletter to receive the latest digital transformation news directly to your inbox.

Subscribe