The Skills Shortage Presents A Looming Cyber Security Threat

The global IT security skills shortage has surpassed four million, according to (ISC)2.  In the United States alone, current estimates suggest a shortage of cyber security employees of 1.8 million by 2022.  Indeed, their recent survey of the job market for cyber security professionals reveals that most countries need significant increases and sustained improvements in their cyber security workforces.

The certifications organisation compiled its latest Cybersecurity Workforce Study from interviews with over 3200 security professionals around the world. The (ISC)2 data indicates a necessary cybersecurity workforce increase of 145%.

 The study provides  insights and strategies for building and growing strong cybersecurity teams as many organisations struggle with a proliferation of attacks by hackers.

The report estimated the current global workforce at 2.93 million, including 289,000 in the UK and 805,000 in the US.

  • The number of unfilled positions now stands at 4.07 million professionals, up from 2.93 million this time last year.
  • This includes 561,000 in North America and a staggering 2.6 million short-fall in APAC. 
  •  In the US market, the current cyber security workforce estimate is 804,700 and the shortage of skilled professionals is 498,480, requiring an increase of 62% to better defend US organisations. 
  • The shortage of skilled workers in the industry in Europe has soared by more than 100% over the same period, from 142,000 to 291,000.

To tackle the problem in the the US the Dept of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has awarded $2 million to an initiative that will build a national network of cyber security technical institutes.

The aim of new US cybersecurity technical institutes is to shrink the cyber security workforce shortage. 

Referring to cyber security workforce needs, the report found that “the majority of US critical infrastructure is owned and operated by private companies, making its cybersecurity workforce vital.... Also, the Federal government depends heavily on its cyber security workforce, supplemented by contractors.”

(ISC)2 Report stresses the need to attract new workers from other professions, or recent graduates with tangential degrees, as well as seasoned professionals from consulting and contracting sectors.

Organisations should look to strengthen from within by cross-training existing IT professionals where appropriate. The biggest role needs in security teams are, in fact, not what we would traditionally classify as cybersecurity roles, they're cyber-enabled roles.

 A cyber-enabled employee should have an above-average understanding of cyber security, but does not need the breadth and depth of knowledge that a dedicated cybersecurity practitioner has.

Companies also need to invest in their workforce strategies and training. It's important to create, tailor, and deliver upskilling solutions to employers based on their unique workforce requirements and roles. That means a need for modular, skill-focused education that allows employees to acquire new knowledge in shorter amounts of time without sacrificing work productivity.

(ISC)2:       Infosecurity Magazine:      Dark Reading:        I-HLS:    

For a cost effective Cyber Audit and recommendations on  Cyber Security Training please contact Cyber Security Intelligence.

You Might Also Read: 

Critical Cyber Security Threats & Solutions For Business:

 

« Is AI The Future of Cyber Security?
Latest Cyber Attacks On Game-Makers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

Secure Thingz

Secure Thingz

Secure Thingz focus on developing and delivering advanced security solutions into the emerging Industrial Internet of Things (IIoT) and Critical Infrastructure markets.

Post-Quantum

Post-Quantum

Post-Quantum offer a unique, patented quantum-resistant encryption algorithm that can be applied to existing products and networks.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

WiJungle

WiJungle

WiJungle is an Indian Cyber Security Company that develops and markets a unified network security gateway solution.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

Infostream

Infostream

Infostream is a leading integrator of Digital Transformations Solutions (DTS); Public, Private, and Hybrid Cloud; Cybersecurity; Data Integrity; DevOps, DevSecOps, and Infrastructures.

Halborn

Halborn

Elite blockchain cybersecurity. Award-winning ethical blockchain hackers to secure your stack end-to-end. Far beyond smart contracts.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

Halogen Group

Halogen Group

Halogen Group is the leading Security Solutions Provider in West Africa. Services encompass Physical Security, Electronic Security, Virtual & Cyber Security, Risk Assessments and Training.

Radiance Technologies

Radiance Technologies

Radiance solutions provide technological advantage and operational superiority for our nation in the areas of intelligence, cyber and advanced weapon systems.

Windstream

Windstream

Windstream is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the US.