First look at 2024 ISC2 Cybersecurity Workforce Study reveals urgent need for organizations to expand cyber workforce opportunities and focus on skills development
Alexandria, Va., September 11, 2024 – ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – today revealed the global cybersecurity workforce gap reached a new high with an estimated 4.8 million professionals needed to effectively secure organizations, a 19% year-on-year increase. Despite the growing need for professionals, global workforce growth has slowed for the first time since ISC2 began estimating the workforce size six years ago, holding at an estimated 5.5 million people (a 0.1% year-on-year increase). This contrasts with last year, when the workforce grew 8.7% year-on-year despite declining economic conditions.
For the first time, participants cited “lack of budget” as the top cause of their staffing shortages, replacing “lack of qualified talent” as the top cause in all previous years. As organizations continue to face economic instability, the profession is under unprecedented pressure with increasingly limited resources. While 74% of professionals agree that the 2024 threat landscape is the most challenging it has been in the last five years, budget pressures on the cybersecurity workforce include:
- 37% experiencing budget cuts (+7% from 2023)
- 25% experiencing layoffs in their cybersecurity team (+3% from 2023)
- 38% experiencing hiring freezes (+6% from 2023)
- 32% seeing fewer promotions (+6% from 2023)
The Impact of the Skills Gap
This year, a record 15,852 cybersecurity practitioners and decision-makers participated in the study. In addition to the workforce gap, 90% of respondents indicated that they face skills shortages at their organizations. More than half of those surveyed (58%) believe a shortage of skills puts their organization at significant risk, and 64% say skills gaps present a greater challenge to securing their organizations than staffing shortages. Professionals said the following are the top five skills gaps at their organizations:
- AI (34%)
- Cloud computing security (30%)
- Zero trust implementation (27%)
- Digital forensics and incident response (25%)
- Application security (24%)
“The ISC2 Cybersecurity Workforce Study highlights a concerning perception among cybersecurity professionals. After two years of declining investment in hiring and professional development opportunities, organizations are now facing significant skills and staffing shortages – an issue that professionals warn is heightening overall risk,” said ISC2 Executive Vice President of Corporate Affairs Andy Woolnough. “At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever. This will enable cybersecurity professionals to meet these challenges and keep our critical assets secure.”
Attracting Entry-Level Talent
Nearly one-third (31%) of participants said their security teams had no entry-level professionals on their teams, and 15% said they had no junior-level (1-3 years of experience) professionals. Moreover, hiring managers – 62% of which currently had open roles on their teams – are focusing on hiring mid to advanced level roles rather than a broad mix of experience and abilities. This represents a high proportion of organizations that do not have a pipeline of professionals who can develop their foundational skillset in-house to bolster existing teams and instead are relying solely on hiring pre-qualified talent. Providing on-the-job training and professional development opportunities for entry-level talent is essential for developing a skilled cybersecurity workforce for the future, as well as offering advancement opportunities for the existing workforce.
Challenges Impacting Job Satisfaction
Job satisfaction among cybersecurity professionals has remained high over the last several years despite prevailing staffing challenges and escalating threats. However, this year – characterized by mounting security challenges, slow job growth and budget constraints – our study found a 66% favorable job satisfaction rate among professionals, down 4% from 2023. With mounting pressure on cybersecurity teams, declining job satisfaction can lead to professionals leaving the field and increased burnout, further exacerbating the workforce shortage.
This year’s research reveals three areas of action for organizations to address the global shortage of cybersecurity jobs growth, to encourage new individuals into the profession and to address the skills gap. This includes addressing job creation and hiring priorities, prioritizing in-house professional development and setting realistic and clear job role expectations.
Read the initial findings from the ISC2 2024 Workforce Study in the ISC2 Insights article, “Employers Must Act as Cybersecurity Workforce Growth Stalls and Workforce Skills Gaps Widen”.
The full 2024 ISC2 Cybersecurity Workforce Study will be published in October 2024.
+++
About the ISC2 Cybersecurity Workforce Study
ISC2 conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The ISC2 Cybersecurity Workforce Study is conducted annually to assess the cybersecurity workforce gap, to better understand the barriers facing the cybersecurity profession, and to uncover solutions that enable individuals to excel in their profession, achieve their career goals, and better secure their organizations' critical assets.
Methodology
The 2024 ISC2 Cybersecurity Workforce Study is based on online survey data collected in collaboration with Forrester Research, Inc. in April and May 2024 from 15,852 cybersecurity practitioners and decision-makers. The respondents reside in North America, Latin America (LATAM), the Asia-Pacific region (APAC) and Europe, Africa and the Middle East (EMEA). Respondents in non-English speaking countries completed a locally translated version of the survey.
About ISC2
ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our nearly 675,000 members, candidates and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educate those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook and LinkedIn.
© 2024 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, ISSAP, ISSEP, ISSMP, CC, and CBK are registered marks of ISC2, Inc.
Media Contact:
Amanda Steinman
Senior PR Manager
ISC2
asteinman@isc2.org