Clearwater, Fla., October 25, 2021 – ISC2 – the world’s largest nonprofit association of certified cybersecurity professionals – today released the findings of its 2021ISC2 Cybersecurity Workforce Study. The study reveals updated figures for both the Cybersecurity Workforce Estimate and the Cybersecurity Workforce Gap in 2021, provides key insights into the makeup of the profession and explores the challenges and opportunities that exist for professionals and hiring organizations.
The study reveals a decrease in the global workforce shortage for the second consecutive year from 3.12 million down to 2.72 million cybersecurity professionals. There are two significant contributing factors to this year’s workforce gap estimate. The first is that 700,000 new entrants joined the field since 2020, contributing to a sharp increase in the available supply, now up to 4.19 million people. The second is that the workforce gap for every region other than Asia-Pacific increased. Data suggests that slower economic recovery from the pandemic and its impact on small businesses and critical sectors like IT services (a major cybersecurity employer in the region) is contributing to the relative softness in demand for cybersecurity professionals compared to North America, Europe and Latin America. However, Asia-Pacific still has the largest regional workforce gap of 1.42 million.
Even with 700,000 new entrants, demand continues to outpace the supply of talent. The global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.
“Any increase in the global supply of cybersecurity professionals is encouraging, but let’s be realistic about what we still need and the urgency of the task before us,” said Clar Rosso, CEO, ISC2. “The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development and embrace remote work as an opportunity. And perhaps most importantly, organizations must adopt meaningful diversity, equity and inclusion practices to meet employee expectations and close the gap.”
How Organizations Overcome Their Gap
This year’s research provides fresh perspectives into how organizations are overcoming their own workforce gaps. Study participants shared their organizations’ planned talent and technology investments, including:
- More training (36%); providing more flexible working conditions (33%); and investing in diversity, equity and inclusion (DEI) initiatives (29%)
- Using cloud service providers (38%); deploying intelligence and automation for manual tasks (37%); and involving cybersecurity staff earlier in third-party relationships (32%)
The study uncovered the avoidable consequences that occur when cybersecurity staff is stretched too thin. Participants said they experienced misconfigured systems (32%); not enough time for proper risk assessment and management (30%); slowly patched critical systems (29%); and rushed deployments (27%).
Participants also offered opinions on what specialized skills and roles their teams lack, aligned with the roles outlined in the U.S. government’s National Initiative for Cybersecurity Education (NICE) Framework. They cited categories such as Securely Provision (48%); Analyze (47%); and Protect and Defend (47%) as the top areas of need, but the data also shows a strong need for help across all roles.
Lasting Pandemic Impact
The percentage of cybersecurity professionals working remotely in some capacity due to the pandemic remains unchanged at 85%; however, 37% report they must now come to the office at times compared to 31% in 2020. In addition to the advantages of remote work as a public health measure, organizations cited improved workplace flexibility (53%); accelerated innovation and digital transformation efforts (37%); and stronger collaboration (34%) as some of the ways the pandemic has changed their organizations for the better.
Security challenges arising from remote workforces included rapid deployment of new collaboration tools (31%); lack of security awareness among remote workers (30%); and rising concern for the physical security of distributed assets (29%).
Additional highlighted findings include:
- Cybersecurity professionals have consistently expressed very high levels of job satisfaction over the last four years—a record 77% of respondents reported they are satisfied or extremely satisfied with their jobs.
- More cybersecurity professionals are getting their start outside of IT— 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education and 15% explored cybersecurity concepts independently. Alternate points of entry are more common for women than men – only 38% of female participants started their careers in IT compared to 50% of male participants.
- The average salary of a cybersecurity professional before taxes is U.S. $90,900—up from U.S. $83,000 among respondents in 2020. Salaries of certified cybersecurity professionals are U.S. $33,000 higher than those with no certifications.
- Cloud computing security is once again the top priority for cybersecurity professionals’ skills development in the next two years
To download a copy of the report and learn more about the recommended actions organizations can take, visit: https://www.isc2.org/Research/
ISC2 collected data from a record 4,753 cybersecurity and IT/ICT professionals, all of whom dedicate at least 25% of their time to cybersecurity tasks, working with small, medium and large organizations throughout North America, Europe, Latin America (LATAM) and Asia-Pacific (APAC) to accurately assess the size of the current cybersecurity workforce and the challenges it faces amid an evolving threat landscape. A detailed explanation of the estimation methodology for the Cybersecurity Workforce Gap is included in the report.
About the ISC2 Cybersecurity Workforce Study
ISC2 conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The ISC2 Cybersecurity Workforce Study is fielded annually to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions that position these talented individuals to excel in their profession, better secure their organizations’ critical assets and achieve their career goals. The margin of error for the global descriptive statistics in this research is plus or minus 1.4% at a 95% confidence level.
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 158,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on ISC2, visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.
© 2021 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks of ISC2, Inc.
Senior PR Manager