A global cybersecurity workforce gap is widening to nearly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA), according to the 2018 (ISC)2 Cybersecurity Workforce Study, by the cybersecurity body.
The study (formerly the Global Information Security Workforce Study) is based on feedback from IT/ICT staff from large enterprises to small businesses who may or may not have formal cybersecurity roles but do have responsibility for securing critical assets; spending at least 25pc of their time on such activities.
(ISC)2 CEO David Shearer, CISSP said: “This research is essential to fostering a clearer understanding of who makes up the larger pool of cybersecurity workers and enables us to better tailor our professional development programs for the men and women securing organisations day in and day out. We will share these powerful insights with our partners in government and the private sector to help establish the programs necessary to advance the cybersecurity profession. By broadening our view of the workforce to include those with collateral cybersecurity duties within IT and ICT teams, we discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women.”
The Asia-Pacific region is seeing the highest shortage in cybersecurity staff, at 2.14 million, in part thanks to its growing economies and new cyber and data privacy legislation being enacted throughout the region. EMEA and Latin America have a 142,000 and 136,000 staffing shortfall, respectively. A majority, 63pc of respondents report that their organisations have a shortage of IT staff dedicated to cybersecurity. More than half, 59pc say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage. Near half, 48pc of respondents say their organisations plan to increase cybersecurity staffing over the next 12 months.
Most, 68pc of respondents say they are either very or somewhat satisfied in their job. Women represent 24pc of this broader cybersecurity workforce (compared to 11pc from previous studies), while 35pc are Millennial or Gen Y (compared to less than 20pc from previous studies). More than half of all respondents globally (54pc) are either pursuing cybersecurity certifications or plan to within the next year.
Download the full study at www.isc2.org/research.
Comments
David Emm, Principal Security Researcher at cyber product firm Kasperksy Lab, said: ““We live in a connected world, where IT skills are becoming increasingly important, but we don’t have people in the roles needed to efficiently execute this; in some cases, businesses don’t know just how important these job roles are. Small and medium-sized businesses do not have the money to spend on in-house expertise, and often don’t have the resources to specialise. This has resulted is an ongoing gap and an inability to fend off attacks.
“There are two key factors affecting the skills gap. The first is lack of interest in the sector from the future generation. Our education system and the industry itself are not inspiring young people’s interests and talent in the field of cybersecurity, we need to be encouraging people into the industry. It’s increasingly important to equip children with cybersecurity skills at an early age to give them an idea of what cyber roles entail, and foster these skills. Kaspersky Lab research has revealed that demand is outpacing supply, with only half (50 per cent) of under-25s saying they’d join the fight against cybercrime – whilst a significant number would use their skills for fun (17 per cent), secretive activities (16 per cent), and financial gain (11 per cent) instead. We need to be addressing this problem, and making a career path in cybersecurity attractive to the future generations.
“With personnel and spending aside, we need to become smarter in dealing with security. It’s useless throwing money at an issue if the money isn’t spent in an effective way. Companies need to avoid carrying out risk assessments just to tick boxes; they need to be analysing these assessments, and learning from the results.”
And Rob Norris, Vice President of Enterprise and Cyber Security, Fujitsu said: “In a world of connected devices, and increasingly AI and machine learning, the security landscape is seeing exponential growth with attack techniques and sectors changing at an alarming rate. In light of the ever increasing volume and sophistication of attacks it is especially important that we do more to help the next generation of students better understand the positive impact that cybersecurity knowledge can have on their lives and future careers.
“It is evident that there is currently a shortage of talent in the cybersecurity industry, which we are struggling to circumvent. All organisations – private and public – are pivotal in closing the cybersecurity skills gap, ensuring our children are fully equipped for facing future inevitabilities. And with our latest report revealing that a fifth of the UK public believe cybercrime and hacking are the biggest challenges facing the UK today, this report gives us more of an incentive to ensure we do more to identify and nurture the cyber experts of the future.
“In fact, it is something we’re invested in addressing – as we recognise the importance of empowering the individuals who will be key in fighting cybercriminals in the future, last month we announced the launch of the University Technology College Cyber Security Group which looks to ensure that we – and other private organisations – are doing our best to develop the right cyber skills to adequately protect the UK from future cyber threats and attacks.”
