That’s according to the latest annual study by ISC2, a nonprofit member organization for cybersecurity professionals.
“We need to continue as an industry to open doors,” ISC2 CISO Jon France told SDxCentral. He said the issue is “a skills shortage, finding people with the right skills for the right job.”
According to the study, the global industry workforce has grown 8.7% since last year to a record 5.5 million people. Demand is still growing faster than supply, per ISC2, with 4 million pros still needed to protect digital assets. That’s a record skills gap.
Of nearly 15,000 cybersecurity pros surveyed, 75% indicated the threat landscape is more challenging now than it has been in the last five years. Just 52% said their organization has sufficient tools and people to respond to cyber incidents in the next two to three years.
Cutbacks in the face of global economic uncertainty didn’t help close the skills gap. Indeed, 47% of respondents said they had experienced layoffs, budget cuts, hiring freezes, promotion freezes or other cyber-related cutbacks in the past year.
ISC2 CEO Clar Rosso suggested that the cybersecurity cutbacks were particularly disappointing given that corporate leaders have grown more cognizant of the financial and reputational risks of skimping on cybersecurity. “The logical conclusion from that is they are more concerned about economic risk than cyber risk and they’re not fully understanding the equivalency between the two risks because they are inextricably tied together,” Rosso told Infosecurity Magazine.
Tara Wisniewski, executive vice president for advocacy, global markets and member engagement at ISC2, told Federal News Network that for federal agencies, at least, the findings drive home the necessity of expanding cybersecurity recruitment and retention initiatives. Over the summer, the Biden administration unveiled a “cyber workforce and education” strategy that includes “skills-based” hiring practices as opposed to focusing on degrees.