The nonprofit International Information System Security Certification Consortium, also known as (ISC)², today released the results of a new study that found a stark increase in the shortage of cybersecurity professionals.
The 2022 (ISC)² Cybersecurity Workforce Study estimates that the cybersecurity workforce is at an all-time high, with 4.7 million professionals working in the field. Although that’s an increase of 464,000 over the last year, the data revealed that 3.4 million more cybersecurity workers are needed to secure assets effectively.
Nearly 12,000 individuals responsible for cybersecurity at workplaces throughout the globe were surveyed for the results, including in non-English-speaking countries, with the sample size controlled to ensure a mix of company sizes and industries.
Of those surveyed, 70% said their organization does not have enough cybersecurity employees. More than half of respondents further said that their cybersecurity staff deficits put their organization at a “moderate” or “extreme” risk of a cyberattack.
Despite the ongoing shortage in the industry, 72% of respondents expect their cybersecurity staff to increase somewhat or significantly within the next 12 months – the highest predicted growth rate in the last two years — 53% in 2021 and 41% in 2020.
The study also looked at cultural and demographic shifts over the last year, highlighting issues with retention, workplace conditions such as burnout, the shift of racial, gender and ethnic diversity among younger cybersecurity professionals and the changing perception of certifications in the field.
Key findings include 75% of respondents reporting strong job satisfaction, with the same percentage feeling passionate about cybersecurity work. That said, 70% of respondents also reported feeling overworked.
Some 68% of employees with low employee experience ratings said their workplace culture affects their effectiveness in responding to security incidents and more than half said they would consider switching jobs if they were no longer allowed to work remotely. Just 28% of study participants said their organization actively listens and values the input of all staff.
“As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field,” Clar Rosso, chief executive officer of (ISC)², said in a statement. “The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective.”