First look at 2024 ISC2 Cybersecurity Workforce Study reveals urgent need for organizations to expand cyber workforce opportunities and focus on skills development
ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – today revealed the global cybersecurity workforce gap reached a new high with an estimated 4.8 million professionals needed to effectively secure organizations, a 19% year-on-year increase. Despite the growing need for professionals, global workforce growth has slowed for the first time since ISC2 began estimating the workforce size six years ago, holding at an estimated 5.5 million people (a 0.1% year-on-year increase). This contrasts with last year, when the workforce grew 8.7% year-on-year despite declining economic conditions.
For the first time, participants cited “lack of budget” as the top cause of their staffing shortages, replacing “lack of qualified talent” as the top cause in all previous years. As organizations continue to face economic instability, the profession is under unprecedented pressure with increasingly limited resources. While 74% of professionals agree that the 2024 threat landscape is the most challenging it has been in the last five years, budget pressures on the cybersecurity workforce include:
- 37% experiencing budget cuts (+7% from 2023)
- 25% experiencing layoffs in their cybersecurity team (+3% from 2023)
- 38% experiencing hiring freezes (+6% from 2023)
- 32% seeing fewer promotions (+6% from 2023)
The Impact of the Skills Gap
This year, a record 15,852 cybersecurity practitioners and decision-makers participated in the study. In addition to the workforce gap, 90% of respondents indicated that they face skills shortages at their organizations. More than half of those surveyed (58%) believe a shortage of skills puts their organization at significant risk, and 64% say skills gaps present a greater challenge to securing their organizations than staffing shortages. Professionals said the following are the top five skills gaps at their organizations:
- AI (34%)
- Cloud computing security (30%)
- Zero trust implementation (27%)
- Digital forensics and incident response (25%)
- Application security (24%)
“The ISC2 Cybersecurity Workforce Study highlights a concerning perception among cybersecurity professionals. After two years of declining investment in hiring and professional development opportunities, organizations are now facing significant skills and staffing shortages – an issue that professionals warn is heightening overall risk,” said ISC2 Executive Vice President of Corporate Affairs Andy Woolnough. “At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever. This will enable cybersecurity professionals to meet these challenges and keep our critical assets secure.”
Attracting Entry-Level Talent
Nearly one-third (31%) of participants said their security teams had no entry-level professionals on their teams, and 15% said they had no junior-level (1-3 years of experience) professionals. Moreover, hiring managers – 62% of which currently had open roles on their teams – are focusing on hiring mid to advanced level roles rather than a broad mix of experience and abilities. This represents a high proportion of organizations that do not have a pipeline of professionals who can develop their foundational skillset in-house to bolster existing teams and instead are relying solely on hiring pre-qualified talent. Providing on-the-job training and professional development opportunities for entry-level talent is essential for developing a skilled cybersecurity workforce for the future, as well as offering advancement opportunities for the existing workforce.
Challenges Impacting Job Satisfaction
Job satisfaction among cybersecurity professionals has remained high over the last several years despite prevailing staffing challenges and escalating threats. However, this year – characterized by mounting security challenges, slow job growth and budget constraints – our study found a 66% favorable job satisfaction rate among professionals, down 4% from 2023. With mounting pressure on cybersecurity teams, declining job satisfaction can lead to professionals leaving the field and increased burnout, further exacerbating the workforce shortage.
This year’s research reveals three areas of action for organizations to address the global shortage of cybersecurity jobs growth, to encourage new individuals into the profession and to address the skills gap. This includes addressing job creation and hiring priorities, prioritizing in-house professional development and setting realistic and clear job role expectations.
Read the initial findings from the ISC2 2024 Workforce Study in the ISC2 Insights article, “Employers Must Act as Cybersecurity Workforce Growth Stalls and Workforce Skills Gaps Widen”.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!