The global cybersecurity workforce gap has surged by 19% in the past year, with an estimated 4.8 million more professionals now required to adequately secure organizations, according to new ISC2 figures.
The top cause of cybersecurity staffing shortages cited by the ISC2 survey respondents was lack of budget in 2024 (39%). This replaced a shortage of talent as the top factor for these shortages in 2023.
The initial release of findings from the 2024 ISC2 Cybersecurity Workforce Study also showed that global cybersecurity workforce growth has slowed for the first time in six years.
The training and accreditation body estimated that there are around 5.5 million active cybersecurity professionals, up by just 0.1% from 2023.
In contrast, in 2023 the workforce grew 8.7% year-on-year.
Overall, 90% of respondents reported having skills gaps within their security teams.
The study also highlighted a particular lack of entry-level roles in security teams. Around a third (31%) of respondents said their teams had no entry-level professionals on their teams, with 15% reporting they had no junior-level professionals.
Hiring managers, 62% of which currently had open roles on their teams, are focused on hiring mid to advanced level roles rather than a broad mix of experience and abilities, the study found.
Economic Instability Driving Cyber Workforce Shortage
The report highlighted significant impacts of global economic instability on cybersecurity teams. This included:
- 37% experiencing budget cuts, up by 7% from 2023
- 25% experiencing layoffs in their cybersecurity team, up by 3% from 2023
- 38% experiencing hiring freezes, up by 6% from 2023
- 32% seeing fewer promotions within their cybersecurity team, up by 6% from 2023
These budget pressures come despite 74% of cybersecurity professionals believing that the threat landscape is the worst they have seen in five years.
The majority (58%) of respondents also believe a shortage of skills puts their organization at significant risk.
ISC2 Executive Vice President of Corporate Affairs, Andy Woolnough, warned that declining investment in hiring and professional development opportunities is increasing overall cyber risks.
“At a time when global instability and emerging technologies like AI are rapidly increasing the threat landscape, investment in skills development and the next generation of the cyber workforce is more crucial than ever. This will enable cybersecurity professionals to meet these challenges and keep our critical assets secure,” said Woolnough.
AI the Top Skills Gap in Security Teams
The top skills gap reported by participants was in AI (34%). This was followed by cloud computing security (30%), zero trust implementation (27%), digital forensics and incident response (25%) and application security (24%).
Despite this, just 12% of hiring managers prioritize AI skills when recuriting for cyber professionals.
The 2024 ISC2 Cybersecurity Workforce Study collected insights from 15,852 cybersecurity practitioners and decision-makers based in North America, Latin America, the Asia-Pacific region (APAC) and Europe, Africa and the Middle East (EMEA).