The global cybersecurity skills shortage has fallen for the first time, research from the International Information System Security Certification Consortium, or (ISC)2, has shown.
A skills shortage occurs when organisations have difficulties filling job vacancies in a particular area, due to a lack of suitable job candidates. The global tech industry as a whole has long faced a skills shortage, with management consultancy firm Korn Ferry predicting that by 2030, there could be a global talent shortage of 85.2 million people.
However, a report by CWJobs published last week indicates that the UK’s tech skills shortage could be improving, with 55% of non-tech workers surveyed saying that they have thought about or started to move into a career in tech.
This could be due to the ongoing Covid-19 pandemic, which has seen the rise in remote working and cloud computing, as well as a focus on digital offerings, meaning tech skills are very much in-demand.
When it comes to cybersecurity, the report from (ISC)2 found that for the first time, there has been a year-over-year reduction in the cybersecurity skills shortage.
Between mid-April through June 2020, it surveyed 3,790 respondents, whose job involves dedicating at least 25% of their time to cybersecurity, across 14 geographies for its 2020 Cybersecurity Workforce Study.
Last year, the global cybersecurity sector reported a workforce shortage of 4.07 million. This has now decreased to 3.12 million, with an estimated 700,000 professionals now employed in the sector, 25% more than last year’s workforce estimate.
(ISC)2 has attributed this reduction in the cybersecurity skills shortage to an “increased talent entry into the field and uncertain demand due to the economic impact of Covid-19”.
“Overall we’re seeing some very positive trends from the cybersecurity workforce reflected in this new data,” said Clar Rosso, CEO of (ISC)2. “The response to Covid-19 by the community and their ability to help securely migrate entire organisational systems to remote work, almost overnight, has been an unprecedented success and a best-case scenario in a lot of ways. Cybersecurity professionals rose to the challenge and solidified their value to their organisations.”
However, despite this encouraging news, the (ISC)2 highlighted that employment in the cybersecurity field still needs to grow by approximately 89% worldwide and 41% in the US to fill the talent gap. 56% of survey respondents also said their organisation are at risk due to cybersecurity staff shortages.
The report also revealed that job satisfaction rates in the cybersecurity industry increased year-over-year, with 75% of respondents saying they are either “somewhat” or “very” satisfied with their job.
In terms of the skills employers are looking for, cloud computing security emerged as the most in-demand skillset. However, just 49% of those working in the industry hold degrees in computer and information sciences, suggesting that it is common to retrain or move over from another industry.
Organisations must have a “layered cybersecurity strategy”
Dr Kiri Addison, Head of data science, threat intelligence at Mimecast said that although the report’s findings are positive, a lot still needs to be done to tackle the current threat landscape:
“Whilst the reported increase in the number of professionals joining the workforce in 2020 is a positive result, the plans to downsize security teams are concerning. 2020 has seen many successful cyberattacks and our threat researchers found that Covid-19 has opened new opportunities for threat actors in the first months of 2020, with a 35% rise in email-based malware threats from January to April.
“Cybersecurity boots on the ground is certainly one way for organisations to deal with this increased threat, but they must ensure they also have a layered cybersecurity strategy in place. Only then will they be ready to deal with modern threats.”