2023 ISC2 Cybersecurity Workforce Study exposes workforce challenges amidst economic uncertainty, skills gap and the emergence of next-generation artificial intelligence
Alexandria, Va., October 31, 2023 – ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – estimates the global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs. While this is the highest workforce ISC2 has ever recorded, the 2023 ISC2 Cybersecurity Workforce Study brings to light that demand is still outpacing the supply. The cybersecurity workforce gap has reached a record high, with 4 million professionals needed to adequately safeguard digital assets. This year’s study included a record 14,865 cybersecurity professionals.
The research also finds new challenges impacting professionals in the field, including economic uncertainty, artificial intelligence, fragmented regulations and skills gaps. Additionally, a challenging threat landscape continues to loom over the field, with 75% of cybersecurity professionals saying the current threat landscape is the most challenging it has been in the last five years. Only 52% believe their organization has adequate tools and people to respond to cyber incidents over the next two to three years.
The challenges facing cybersecurity professionals include:
Workforce and Skills Gaps
- 92% of cybersecurity professionals report skills gaps at their organization
- The top three skills gaps at an organization are cloud computing security (35%), artificial intelligence/machine learning (32%), zero trust implementation (29%)
- 51% of organizations that have had cybersecurity layoffs have been impacted by one or more significant skills gaps compared to just 39% of organizations that have not had layoffs
- 47% of respondents experienced cutbacks, which included budget cuts, layoffs and hiring and promotion freezes
- 35% faced cuts to cybersecurity training programs, vital for skills development and workforce growth
- Two-thirds of respondents say that cutbacks have negatively impacted their productivity, team morale and increased their workload
- 57% said their response to threats has been inhibited by cutbacks, and 52% have seen an increase in insider risk-related incidents
- 31% of professionals believe that cutbacks will continue into 2024, and 70% expect those cutbacks to include layoffs
- 47% of respondents have no or minimal knowledge of artificial intelligence (AI)
- 47% see cloud computing security as the most sought-after skill for career advancement
- 45% of respondents foresee AI as their top challenge over the next two years
"While we celebrate the record number of new cybersecurity professionals entering the field, the pressing reality is that we must double this workforce to adequately protect organizations and their critical assets,” said ISC2 CEO Clar Rosso, CC. "Amid the current threat landscape, which is the most complex and sophisticated it has ever been, the escalating challenges facing cybersecurity professionals underscore the urgency of our message: organizations must invest in their teams, both in terms of new talent and existing staff, equipping them with the essential skills to navigate the constantly evolving threat landscape. It is the only way to ensure a resilient profession that can strengthen our collective security.”
Empowering Cybersecurity Workforce for the Future
Organizations are actively adopting strategies to strengthen their cybersecurity teams. Survey respondents say their organizations are investing in staff training (72%), offering flexible work conditions (69%), funding diversity, equity, and inclusion (DEI) programs (68%), supporting certifications (67%), and expanding their teams by recruiting, hiring and onboarding new staff (67%) to prevent or mitigate staff shortages.
Fostering Diversity and Inclusion in Cybersecurity
To promote a more diverse workforce, organizations are embracing DEI initiatives, incorporating skills-based hiring, and revising job descriptions to emphasize DEI goals.
Organizations adopting skills-based hiring have seen a positive impact, with an average of 25.5% women in their workforce compared to 22.2% among those who haven't embraced this initiative. However, there's still work to be done, as women represent only 26% of cybersecurity professionals under the age of 30.
DEI initiatives not only drive diversity but also boost workforce effectiveness. Organizations implementing DEI hiring practices report a stronger sense of preparedness among their cybersecurity professionals in dealing with cyber threats over the next two to three years.
Hiring for the Non-Technical Skills
In addition to technical proficiency in various skills, cybersecurity professionals stress the importance of non-technical attributes. Problem-solving skills (45%) top the list, followed by curiosity and eagerness to learn (39%) and effective communication (38%).
To explore the full report and discover additional actions organizations can take to bridge the global cybersecurity workforce gap, please visit: www.isc2.org/Research.
About the ISC2 Cybersecurity Workforce Study
ISC2 conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The ISC2 Cybersecurity Workforce Study is conducted annually to assess the cybersecurity workforce gap, to better understand the barriers facing the cybersecurity profession, and to uncover solutions that enable individuals to excel in their profession, achieve their career goals, and better secure their organizations' critical assets.
The 2023 ISC2 Cybersecurity Workforce Study is based on online survey data collected in collaboration with Forrester Research, Inc. in April and May 2023 from 14,865 cybersecurity practitioners. The respondents reside in North America, Europe, Asia, Latin America, the Middle East and Africa. Respondents in non-English speaking countries completed a locally translated version of the survey. A detailed explanation of the estimation methodology for the Cybersecurity Workforce Gap is included in the report.
ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our more than 500,000 members, candidates and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educate those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook and LinkedIn.
© 2023 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, and CC is a service mark of ISC2, Inc.
Senior PR Manager