2022 ISC2 Cybersecurity Workforce Study sheds light on the demand for cybersecurity talent with the gap growing twice as much as the workforce with a 26.2% year-over-year surge

Alexandria, VA, October 20, 2022 – ISC2 – the world's largest nonprofit association of certified cybersecurity professionals – today highlighted a stark increase in the shortage of cybersecurity professionals as it announced the findings of its 2022 ISC2 Cybersecurity Workforce Study. The study reveals the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. Despite adding 464,000 more cybersecurity professionals this year, the data revealed that 3.4 million more cybersecurity workers are needed to secure assets effectively.

70% of respondents report their organization does not have enough cybersecurity employees. And more than half of respondents with workforce shortages feel that staff deficits put their organization at a "moderate" or "extreme" risk of a cyberattack. For organizations looking to mitigate staff shortages, the research suggests that initiatives to train internal talent, rotating job assignments, mentorship programs and encouraging employees outside of IT or the security team to join the field were the most effective.

At the same time, the report finds that 72% of respondents expect their cybersecurity staff to increase somewhat or significantly within the next 12 months – the highest predicted growth rate when compared to the last two years (53% in 2021 and 41% in 2020).

“As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field,” said Clar Rosso, CEO, ISC2. “The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective.”

The study takes a closer look at cultural and demographic shifts over the last year. In addition to an analysis of the changing workforce, the study also highlights the top issues with retention, concerning workplace conditions such as burnout, the shift of racial, gender and ethnic diversity among younger cybersecurity professionals, the changing perception of certifications in the field, as well as the impacts from current events and future predictions of the cybersecurity workforce. Key findings include:

Corporate Culture

  • 75% of respondents report strong job satisfaction and the same percentage feel passionate about cybersecurity work, yet 70% of respondents still feel overworked
  • 68% of employees with low employee experience ratings indicate workplace culture impacts their effectiveness in responding to security incidents
  • Over half of workers say they would consider switching jobs if they are no longer allowed to work remotely
  • Just 28% of study participants report their organization actively listens and values the input of all staff

Diversity, Equity and Inclusion

  • 55% of employees believe diversity will increase among their teams within two years
  • Nearly 25% of respondents below age 30 consider gatekeeping and generational tensions as top-five challenges for the next two years, compared to 6% of workers 60 or older
  • 30% of female and 18% of non-white employees feel discriminated against at work, and only 40% of respondents state their organization offers employee DEI training

Changing Perceptions and Current Events

  • 64% of respondents seek new certifications for skills growth and stay current with security trends (53%)
  • 20% of employees state that their organization would increase their security budget as the result of a breach, however only 16% state that their organization would hire additional IT staff
  • 61% of cybersecurity professionals are primarily concerned by the potential risks of emerging technology (e.g., blockchain, AI, VR, quantum computing, etc.)

To learn more about additional actions organizations can take to reduce the global cybersecurity workforce gap, download the 2022 ISC2 Cybersecurity Workforce Study at www.isc2.org/Research/.

Methodology
The 2022 ISC2 Cybersecurity Workforce Study is based on online survey data collected in collaboration with Forrester Research, Inc. in May and June 2022 from 11,779 individuals responsible for cybersecurity at workplaces throughout North America, Latin America (LATAM), the Asia-Pacific region (APAC), and Europe, Africa & The Middle East (EMEA). Respondents in non-English speaking countries completed a locally translated version of the survey. The sample size within each country was controlled to ensure a mix of company sizes and industries. A detailed explanation of the estimation methodology for the Cybersecurity Workforce Gap is included in the report.

About the ISC2 Cybersecurity Workforce Study
ISC2 conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The ISC2 Cybersecurity Workforce Study is conducted annually to assess the cybersecurity workforce gap, to better understand the barriers facing the cybersecurity profession, and to uncover solutions that enable individuals to excel in their profession, achieve their career goals, and better secure their organizations’ critical assets.

About ISC2
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our association of candidates, associates and members, more than 235,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation –The Center for Cyber Safety and Education™. For more information on ISC2, visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.

© 2022 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, and CC is a service mark of ISC2, Inc.

# # #

Media Contact:

Amanda Steinman
Senior PR Manager
ISC2
asteinman@isc2.org