The international nonprofit membership association (ISC)² has announced the findings of its 2019 (ISC)² Cybersecurity Workforce Study, which estimates the current cybersecurity workforce, as well as the amount of additional trained staff needed to close the skills gap
The data indicates a necessary cybersecurity workforce increase of 145 per cent globally.
In the UK, the current cybersecurity workforce estimate is 289,000, alongside 121,000 in France and 133,000 in Germany. The shortage of skilled professionals across EMEA has grown to 291,000.
“We’ve been evolving our research approach for 15 years to get to this point today, where we can confidently estimate the current workforce and better understand what it will take as an industry to add enough professionals to protect our critical assets,” said Wesley Simpson, chief operating officer, (ISC)2.
Along with providing these estimates, the study takes a closer look at who cybersecurity professionals are and what motivates them, reveals how organisational security teams are staffed, and outlines data-driven insights into immediate and longer-term methods for building qualified and resilient cybersecurity teams now and in the future.
Major findings from the study:
· Around 65 per cent of organisations report a shortage of cybersecurity staff; a lack of skilled/experienced cybersecurity personnel is the top job concern among respondents (36 per cent)
· Two-thirds (66 per cent) of respondents report that they are either somewhat satisfied (37 per cent) or very satisfied (29 per cent) in their jobs, and 65 per cent intend to work in cybersecurity for their entire careers
· Around 30 per cent of survey respondents are women; 23 per cent of whom have security-specific job titles
· Around 37 per cent are below the age of 35, and five per cent are categorised as Generation Z, under 25 years old
· Around 62 per cent of large organisations with more than 500 employees have a CISO; that number drops to 50 per cent among smaller organisations
· Around 48 per cent of organisations represented say their security training budgets will increase within the next year
· The average North American salary for cybersecurity professionals is US$90,000; those holding security certifications have an average salary of US$93,000 while those without earning US$76,500 on average
· Around 59 per cent of cybersecurity professionals are currently pursuing a new security certification or plan to do so within the next year
· Just 42 per cent of respondents indicate that they started their careers in cybersecurity; meaning 58 per cent moved into the field from other disciplines
· Top recruiting sources outside of the core cybersecurity talent pool include new university graduates (28 per cent), consultants/contractors (27 per cent), other departments within an organisation (26 per cent), security/hardware vendors (25 per cent) and career changers (24 per cent).
Building up cybersecurity teams
In the face of the growing need to build the workforce and recruit new talent, there are four main strategies outlined in the report. These include:
· Highlighting training and professional development opportunities that contribute to career advancement
· Properly level setting on applicant qualifications to make sure the net is cast as wide as possible for undiscovered talent
· Attracting new workers such as recent college graduates who have tangential degrees to cybersecurity, or seasoned pros such as consultants and contractors into full-time roles
· Strengthening from within by further developing and cross-training existing IT professionals with transferrable skills.