(ISC)2 report finds cyber security workforce gap has increased to more than 2.9 million globally

(ISC)² – the world’s largest non-profit association of certified cyber security professionals – has issued the findings of its 2018 Cyber Security Workforce Study. The research shows a widening of the global cyber security workforce gap to nearly three million across North America, Latin America, the Asia Pacific region and Europe, the Middle East and Africa.  

Formerly the Global Information Security Workforce Study, the 2018 (ISC)² Cyber Security Workforce Study is based on feedback from a broader, more representative sample of the men and women responsible for securing their organisations around the world. This includes many IT/ICT staff within organisations ranging from large enterprises through to small businesses who may or may not have formal cyber security roles, but do have hands-on responsibility for securing critical assets every day – spending at least 25% of their time on such activities. Their views and opinions create a more realistic representation of the cyber security challenges and opportunities the industry faces around the globe.

“This research is essential when it comes to fostering a clearer understanding of who makes up the larger pool of cyber security workers and enables us to better tailor our professional development plans for the men and women securing organisations day in and day out,” said (ISC)CEO David Shearer CISSP. “We will share these powerful insights with our partners in Government and the private sector to help establish the programmes necessary to advance the cyber security profession. By broadening our view of the workforce to include those with collateral cyber security duties within IT and ICT teams, we’ve actually discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women.”

Key insights revealed in the study

*Of the 2.93 million overall gap, the Asia Pacific region is experi­encing the highest shortage at 2.14 million, at least in part thanks to its growing economies and new cyber security and data privacy legislation being enacted throughout the region

*North America has the next highest gap number at 498,000, while the EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall respectively

*63% of respon­dents report that their organisations have a shortage of IT staff dedicated to cyber security. 59% say their companies are at moderate or extreme risk of cyber security attacks due to this shortage

*48% of respondents say their organisations plan to increase cyber security staffing over the next 12 months

*68% of respondents say they are either very or somewhat satisfied in their current job

*Women represent 24% of this broader cyber security workforce (compared to 11% from previous studies), while 35% are Millennial or Gen Y (compared to less than 20% from previous studies)

*More than half of all respon­dents globally (54%) are either pursuing cyber security certifications or plan to do so within the next year

*Some of the biggest career progression challenges respondents reported are unclear career paths for cyber security roles (34%), a lack of organisational knowledge of cyber security skills (32%) and the cost of education to prepare for a cyber security career (28%)

*The four areas cyber security professionals feel they will need to develop most or otherwise improve upon over the next two years in order to advance in their careers include cloud computing security, penetration testing, threat intelligence analysis and forensics

For more data points and additional context on the cyber security workforce gap. download the full study at www.isc2.org/research

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts