This week saw the release of the 2020 (ISC)2 Cybersecurity Workforce Study, one of the accurate barometers of the prevalent skills shortage in the industry.
Based on a survey of 3790 respondents, the headline statistic was a year-over-year reduction in the cybersecurity workforce gap, which (ISC)2 said was due in part to increased talent entry into the field and uncertain demand due to the economic impact of COVID-19. This means there are 3.5 million individuals currently working in the field of cybersecurity, an additional 700,000 professionals compared with last year’s workforce estimate.
Clar Rosso, CEO of (ISC)2, said the response to COVID-19 by the community, and its ability to help securely migrate entire organizational systems to remote work almost overnight, “has been an unprecedented success and a best case scenario in a lot of ways: cybersecurity professionals rose to the challenge and solidified their value to their organizations.”
So, what else did this year’s report teach us? Here are 10 things learned from the workforce study.
- Despite the workforce shortage decrease (from 4.07 million to 3.12 million) employment in the field now needs to grow by approximately 41% in the US and 89% worldwide in order to fill the talent gap
- When it came to enabling remote work, 30% of cybersecurity professionals faced a deadline of one day or less to transition their organizations’ staff, and only 16% had more than a week
- Cloud computing security is far and away the most in-demand skillset, with 40% of respondents indicating they plan to develop it over the next two years
- Just over half (56%) of respondents said their organizations are at risk due to cybersecurity staff shortages
- A quarter (25%) reported improved team communications due to the pandemic, while 12% said it was worse, and 60% reported it was unchanged
- Only 19% reported a reduction in salary due to the pandemic; the average annual cybersecurity salary is $83,000, with the highest in North America at $112,000, Europe at $74,000 and APAC at $56,000
- Just 49% of those in the field hold degrees in computer and information sciences
- Of those polled, 42% said there is a slight shortage of dedicated cybersecurity staff, while 30% said they have the right amount of staff; 22% cited a “significant” shortage
- Just under half (48%) of respondents said they plan to increase their cybersecurity staff over the next 12 months, a 2% decrease from 2019; 39% said there would be no change
- Practitioners are concerned that security budgets will be impacted by revenue losses related to COVID-19. More than half (54%) are concerned about personnel spending while 51% are concerned about technology spending