The Cybersecurity Skills Gap: What Is It and What Does it Mean for Organizations?

Cybersecurity is a global issue and a growing one too. Every 39 seconds, a cyber attack occurs, amounting to more than 30,000 website hacks every day.

If you have little connection to the cybersecurity industry and assume the skills shortage doesn’t impact you, you’re sorely mistaken. Digital infrastructure dictates every aspect of our lives — from healthcare to banking. And if there’s one thing we’re sure of, it’s this: less available talent creates an insecure environment for more cyber attacks to occur… and this is an issue that affects everyone.

There were more than 700,000 cybersecurity job openings in the US between May 2021 and April 2022

So, the question must be asked: where global demand is increasing and available talent is shrinking, what can organizations do to safeguard themselves amidst growing attacks? In this article, we’ll delve into the current state of the cybersecurity skills gap, potential factors contributing to the shortage, and what this means for organizations — large and small.

Statistics that paint the frightening reality of cybersecurity threats

Five factors perpetuating the cybersecurity skills gap

According to Cybersecurity Ventures, the number of unfilled cybersecurity roles increased by 350% globally in just eight years. In 2013, there were one million open cyber jobs; in 2021, that number grew to 3.5 million. In the US alone, there are roughly 1.1 million filled cyber positions and more than 700,000 unfilled positions, according to Cyberseek. 

According to a 2022 ISC2 survey, the global cybersecurity workforce is estimated at 4.7 million — an 11.1% increase since 2021. Although 464,000 jobs have been filled in the past year, the cybersecurity talent gap has grown twice as much as the workforce, increasing 26.2% year on year.  

The cybersecurity talent gap has grown twice as much as the workforce, according to ISC2

Let’s take a closer look at what reasons could be contributing to and worsening the cybersecurity skills shortage. 

1. Cybersecurity demands are skyrocketing

The need for skilled professionals is growing increasingly fast. With advancements in technology and the rate at which organizations are becoming more dependent on technology to run their operations, store data, and communicate with clients, the demand for cyber employees far outweighs the current supply. But why exactly? The evolving threat landscape is growing in complexity, requiring skilled cyber professionals to help fix and mitigate the risks. 

Additionally, the demand grew much faster than what the workforce was prepared for (350% increase in eight years), resulting in organizations experiencing the impact of unpredictable events like COVID-19 — where remote working made organizations even more vulnerable to cyberattacks, causing a spike in cybercrime. 

The existing workforce is battling growing pressure and demands. On the one hand, they’re expected to safeguard their organizations from threats that are increasing in complexity, sophistication, and frequency. And on the other hand, they’re trying to stay updated with new technology and regulatory requirements. 

2. The cybersecurity workforce lacks diversity

Only about 25% of cybersecurity workers globally are female, according to ISC2. Additionally, an Aspen Institute study found that the US cyber workforce identifies as 4% Hispanic, 9% Black, 6% Asian, and 1% native or native Hawaiian.

According to Aspen Institute, the US cyber workforce is largely homogenous

It’s unclear why diversity has been lacking in this industry for some time. Yet, researchers believe it could be the culmination of various factors, including industry stereotypes discouraging certain groups, organizations failing to prioritize inclusion and diversity, and educational institutions not offering enough course variety to all students. For example, according to an ISC2 study, 77% of respondents revealed their curriculum didn’t offer formal cybersecurity education.

According to a Trellix survey, respondents believe the following factors are highly or extremely important to address to encourage more people to enter the industry:

  • Inclusivity and equality for women — 79%
  • Industry diversity — 77%
  • Pay gaps between demographic groups — 72%
  • Employers considering applicants from non-traditional cybersecurity backgrounds — 94%
  • Additional efforts to broaden the cybersecurity talent pool from diverse groups — 91%
  • More mentorships, internships, and apprenticeships to support people from diverse backgrounds to enter the industry — 92%

While we have a long way to go to achieve true diversity in cybersecurity, private and public sector entities are prioritizing initiatives that give access to underrepresented candidates. Why exactly? Diversity matters in the workforce. Firstly, it’s proven to improve productivity and bottom-line outcomes, and secondly, it gives organizations a broader and more diverse talent pool to choose from — a particularly advantageous factor amidst a candidate shortage. 

3. Unnecessary candidate requirements

In an industry already feeling the full weight of the skills shortage, adding unnecessary requirements to the application process is a sure way to deter potentially suitable candidates. 

Up until recently, gaining access to a career in cybersecurity often required a relevant college degree, various cyber certifications, and experience. Yet, the degree requirement alone is enough to automatically eliminate a huge portion of potential candidates, given more than 60% of Americans don’t hold a bachelor’s degree. 

Candidates come from diverse backgrounds and attain their skills through several pathways — whether a college degree or self-teaching — and now more than ever, acknowledging the many routes one can take is needed to help close the cyber skills gap. 

4. Cybersecurity is a mysterious industry

According to a Trellix survey of existing cybersecurity professionals, one potential reason contributing to the cybersecurity skills gap is the lack of industry understanding — including skill development, how to enter the industry, the career path options, and how it contributes to society. 

According to respondents, the following factors are deemed extremely important for encouraging more workers into a career in cybersecurity: 

  • 85% believe more support is needed for skills development
  • 84% believe in improving the understanding of what’s needed to enter a career in cybersecurity
  • 80% believe a better understanding of potential career paths and progression is needed
  • 80% believe more acknowledgment of how cybersecurity professionals contribute to society is needed
  • 80% believe in improving support for qualifications and certifications

Similarly, when asked which of the following options would best encourage candidates to join the cybersecurity industry, respondents ranked the following most important:

  • 43% of respondents believe more efforts need to be made to raise awareness of cybersecurity careers
  • 41% of respondents believe more encouragement needs to be given to students to pursue STEM-related careers throughout education
  • 39% of respondents believe further funding support for cybersecurity qualifications and certifications is needed 
  • 33% of respondents believe further funding is needed for STEM-related careers 
  • 28% of respondents believe changing the required qualifications is a much-needed change 
According to Trellix, almost half of respondents believe there needs to be more awareness of cybersecurity careers

5. The existing cybersecurity workforce is dissatisfied

Recent findings suggest that finding new candidates to join the cybersecurity workforce isn’t the only issue the industry faces. It’s also struggling to retain talent. According to a Trellix survey, 30% of cybersecurity professionals plan to change careers within two or so years.

Consider the following findings:

  • Almost 70% of cybersecurity workers feel their employer doesn’t have an adequate cybersecurity team to be effective, according to the 2022 ISC2 survey. 
  • Of the one-third of professionals wanting to leave the cybersecurity profession, most future exits are due to feeling undervalued by their workplace or that there aren’t clear opportunities to progress. According to the Trellix survey, cybersecurity workers are looking to leave due to a lack of career progression (35%), a lack of acknowledgment (31%), and not enough support to improve their skills (25%). 
  • The same Trellix survey also found reasons for wanting to leave the profession included burnout and salary dissatisfaction. 
According to Trellix, one-third of cybersecurity professionals have plans to switch careers in two or so years

What does the cybersecurity skills crisis mean for organizations?

Since 2019, the FBI has seen a 69% increase in cybercrime-related attacks. Similarly, the prevalence and impact of data breaches in the United States have hit a new record, averaging a total cost of $4.35 million in 2022 — a 12.7% increase from 2020. 

Yet, according to a 2016 Center for Strategic and International Studies (CSIS) study, organizations aren’t adequately prepared to tackle these costly threats. 82% of respondents admit a lack of cybersecurity skills within their organization, and 71% acknowledge that the skills gap makes their organization more vulnerable to outside threats.

Cybercrime is growing at an alarming rate, and a lot of it is due to the scarce resources to help defend organizations’ critical assets. As a result, organizations are more vulnerable and susceptible to outside threats. Yet, the risks can be mitigated. Consider the following:

1. Hire a cybersecurity team or specialist

If budget allows, and your organization’s size and structure call for it, it might be time to invest in a cybersecurity professional. However, be willing to pay the price — due to the growing demand, tech salaries hit a record high in 2021, with the average US tech salary sitting at $104,566. While supply is low, organizations must increase salaries and packages to attract scarce talent. 

2. Invest in AI security

Many organizations are leaning on AI-powered tools to help identify threats and secure sensitive data. According to IBM, organizations that have deployed security AI and automation have experienced an average cost saving of $3.05 million on data breaches.

3. Train your existing team

If you don’t have a cybersecurity team or specialist, you need to focus on educating your team on what to be aware of and what to do in instances where they suspect a breach. Consider upskilling your team in cybersecurity courses or testing their existing skills with our cybersecurity assessment. When it comes to cyber security awareness, it’s everyone’s responsibility to help minimize its impact. 

4. Consider the wellbeing of your existing cybersecurity professionals

According to Mimecast’s State of Email Security 2022 report, 84% of cybersecurity professionals in North America alone admitted to experiencing burnout, resulting from more cyber threats, too few candidates (i.e., talent shortage), and other employees making burnout-driven mistakes. If your organization has an existing cybersecurity team or specialist, it’s essential to check their wellbeing to ensure they’re satisfied and supported.

Final thoughts

There are more threatening cyberattacks than ever before — in sheer numbers and sophistication. Cyberattacks are increasing at an alarming rate, and there are not enough people to help safeguard the online world. As such, this puts organizations — large and small — at risk of being exposed to greater online danger. 

While various factors contribute to the cybersecurity skills shortage, we know greater prioritization needs to be given to educate both organizations and individuals on the industry, as well as how to mitigate the risks. 

Organizations can start by educating their existing workforce on identifying and resolving threats, expanding their team to make room for a cybersecurity specialist, or ensuring their existing cybersecurity team has the support they need to feel satisfied in the role. 

Bec Eaton

"Bec E. is a seasoned Content Marketing Specialist with over a decade of experience. Armed with a Bachelor's degree in Marketing, she possesses a profound understanding of brand strategy and digital storytelling, allowing her to create impactful content that resonates with audiences. Throughout her career, Bec has honed her skills across diverse industries, including Australian Sports Nutrition and MyWork. As a result, she has become a trusted authority in crafting compelling narratives that captivate audiences across various digital platforms, showcasing her ability to blend creativity with strategic insights to drive engagement and deliver results."
