Research indicates that the global cybersecurity workforce must expand by 87% to address a significant shortfall in cyber talent. According to ISC2’s 2024 Cybersecurity Workforce Study, approximately 5.5 million individuals are currently employed in cybersecurity, while an additional 4.8 million are needed to reach a total of 10.2 million professionals essential for maintaining comprehensive security within organizations.
As technology continues to play a vital role in both professional and personal spheres, the demand for cybersecurity expertise has grown. ISC2 notes that the gap in the cybersecurity workforce has widened by 19% compared to the previous year, indicating that the growing need for professionals is outpacing the availability of qualified staff. If this gap is not addressed, organizations may face heightened vulnerabilities.
Andy Woolnough, the executive vice-president of Corporate Affairs at ISC2, remarked, “The ISC2 Cybersecurity Workforce Study reveals alarming trends among cybersecurity professionals. Following two years of reduced investment in hiring and professional development, companies are now encountering significant skills and staffing shortages—a situation that experts warn could increase overall risk.”
While the total number of cybersecurity workers globally has remained steady at around 5.5 million over the past year, regional changes have been noted, with some countries seeing growth and others reporting declines. For instance, in the UK, the number of cybersecurity professionals fell from 367,300 in 2023 to 349,360 in 2024, a decrease of 4.9%. Moreover, a study by Computer Weekly found that 37% of firms reported struggling to access cybersecurity talent, which poses a serious issue.
### Workforce Shortages
In terms of global skills gaps in cybersecurity, ISC2 found that 90% of respondents acknowledged skill deficiencies within their organizations, while 35% reported both a worker and skills shortage. More than 60% of participants indicated that the lack of skills among team members is a more pressing issue than a mere shortage of workers.
There is a disconnect between the skills firms seek when hiring cybersecurity professionals and the skills that current professionals believe are most important. For instance, problem-solving skills are the top priority for 31% of hiring managers, but only 28% of cybersecurity professionals consider it a critical area of demand. Conversely, 31% of professionals think communication skills are essential, even though only a quarter of hiring managers prioritize this attribute.
Respondents highlighted significant knowledge gaps within their teams, particularly in artificial intelligence (AI) and machine learning (ML), which 34% cited as lacking. Other crucial skills found to be deficient include cloud computing security, zero-trust implementation, digital forensics, incident response, and application security.
Economic pressures have prompted many organizations to cut costs. Although the total number of cybersecurity professionals has not changed year-over-year, concerns about expenditures may be hindering hiring and growth within this sector, as indicated by ISC2’s findings. Nearly 40% of respondents attributed the shortage of cybersecurity workers primarily to budget constraints, with a quarter experiencing layoffs—an increase of 3% from the previous year—and 37% reporting budget cuts over the past year.
Analysis of LinkedIn job postings revealed that globally, the number of cybersecurity job openings has either stagnated or declined, with significant growth in job postings only in Spain and Mexico, up 5.5% and 6.8%, respectively, compared to the previous year. Almost 60% of workers expressed that the shortage of cyber staff is escalating their organizations’ risk of cyber incidents, particularly as 74% noted that the current threat landscape is the most severe it has been in five years.
Woolnough emphasized, “In an era of global instability and the rapid emergence of technologies like AI, investing in skill development and cultivating the next generation of the cybersecurity workforce is more crucial than ever. This investment is essential for empowering cybersecurity professionals to tackle these challenges and safeguard our critical assets.”
### Effects on Employee Well-Being
The shortage of cybersecurity roles not only jeopardizes businesses but also impacts employee well-being, as job satisfaction among cybersecurity professionals has declined by 4% year-over-year, likely due to increased workloads. Currently, 31% of ISC2 respondents reported having no entry-level team members, and 15% indicated a lack of junior staff, highlighting a lack of natural career progression and contributing to the difficulties organizations face in recruiting necessary talent.
Streamlining the hiring process could help boost the number of cybersecurity professionals while narrowing the skills gap by ensuring new hires receive applicable training during onboarding. ISC2 outlined three strategies for organizations to address both the workforce shortages and skills gaps facing the industry: promoting ongoing skills development at all levels, enhancing transparency regarding job expectations and in-demand skills, and attracting new talent to the cybersecurity sector.