(ISC)² Cybersecurity Workforce Study Sheds New Light on Global Talent Demand Amid a Lingering Pandemic
New 2021data finds continued resilient growth trajectory for cybersecurity profession, offers practical solutions for closing the gap
Clearwater, Fla., October 26, 2021 – (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today released the findings of its 2021(ISC)² Cybersecurity Workforce Study. The study reveals updated figures for both the Cybersecurity Workforce Estimate and the Cybersecurity Workforce Gap in 2021, provides key insights into the makeup of the profession and explores the challenges and opportunities that exist for professionals and hiring organizations.
The study reveals a decrease in the global workforce shortage for the second consecutive year from 3.12 million down to 2.72 million cybersecurity professionals. There are two significant contributing factors to this year’s workforce gap estimate. The first is that 700,000 new entrants joined the field since 2020, contributing to a sharp increase in the available supply, now up to 4.19 million people. The second is that the workforce gap for every region other than Asia-Pacific increased. Data suggests that slower economic recovery from the pandemic and its impact on small businesses and critical sectors like IT services (a major cybersecurity employer in the region) is contributing to the relative softness in demand for cybersecurity professionals compared to North America, Europe and Latin America. However, Asia-Pacific still has the largest regional workforce gap of 1.42 million.
Even with 700,000 new entrants, demand continues to outpace the supply of talent. The global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.
“Any increase in the global supply of cybersecurity professionals is encouraging, but let’s be realistic about what we still need and the urgency of the task before us,” said Clar Rosso, CEO, (ISC)². “The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development and embrace remote work as an opportunity. And perhaps most importantly, organizations must adopt meaningful diversity, equity and inclusion practices to meet employee expectations and close the gap.”
How Organizations Overcome Their Gap
This year’s research provides fresh perspectives into how organizations are overcoming their own workforce gaps. Study participants shared their organizations’ planned talent and technology investments, including:
- More training (36%); providing more flexible working conditions (33%); and investing in diversity, equity and inclusion (DEI) initiatives (29%)
- Using cloud service providers (38%); deploying intelligence and automation for manual tasks (37%); and involving cybersecurity staff earlier in third-party relationships (32%)
The study uncovered the avoidable consequences that occur when cybersecurity staff is stretched too thin. Participants said they experienced misconfigured systems (32%); not enough time for proper risk assessment and management (30%); slowly patched critical systems (29%); and rushed deployments (27%).
Participants also offered opinions on what specialized skills and roles their teams lack, aligned with the roles outlined in the U.S. government’s National Initiative for Cybersecurity Education (NICE) Framework. They cited categories such as Securely Provision (48%); Analyze (47%); and Protect and Defend (47%) as the top areas of need, but the data also shows a strong need for help across all roles.
Lasting Pandemic Impact
The percentage of cybersecurity professionals working remotely in some capacity due to the pandemic remains unchanged at 85%; however, 37% report they must now come to the office at times compared to 31% in 2020. In addition to the advantages of remote work as a public health measure, organizations cited improved workplace flexibility (53%); accelerated innovation and digital transformation efforts (37%); and stronger collaboration (34%) as some of the ways the pandemic has changed their organizations for the better.
Security challenges arising from remote workforces included rapid deployment of new collaboration tools (31%); lack of security awareness among remote workers (30%); and rising concern for the physical security of distributed assets (29%).
Additional highlighted findings include:
- Cybersecurity professionals have consistently expressed very high levels of job satisfaction over the last four years—a record 77% of respondents reported they are satisfied or extremely satisfied with their jobs.
- More cybersecurity professionals are getting their start outside of IT— 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education and 15% explored cybersecurity concepts independently. Alternate points of entry are more common for women than men – only 38% of female participants started their careers in IT compared to 50% of male participants.
- The average salary of a cybersecurity professional before taxes is U.S. $90,900—up from U.S. $83,000 among respondents in 2020. Salaries of certified cybersecurity professionals are U.S. $33,000 higher than those with no certifications.
- Cloud computing security is once again the top priority for cybersecurity professionals’ skills development in the next two years
To download a copy of the report and learn more about the recommended actions organizations can take, visit: https://www.isc2.org/Research/Workforce-Study
(ISC)² collected data from a record 4,753 cybersecurity and IT/ICT professionals, all of whom dedicate at least 25% of their time to cybersecurity tasks, working with small, medium and large organizations throughout North America, Europe, Latin America (LATAM) and Asia-Pacific (APAC) to accurately assess the size of the current cybersecurity workforce and the challenges it faces amid an evolving threat landscape. A detailed explanation of the estimation methodology for the Cybersecurity Workforce Gap is included in the report.
About the (ISC)² Cybersecurity Workforce Study
(ISC)² conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The (ISC)² Cybersecurity Workforce Study is fielded annually to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions that position these talented individuals to excel in their profession, better secure their organizations’ critical assets and achieve their career goals. The margin of error for the global descriptive statistics in this research is plus or minus 1.4% at a 95% confidence level.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 158,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.
© 2021 (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks of (ISC)², Inc.
Corporate Public Relations Manager