The cybersecurity industry in the United States and 10 other major global economies currently employs 2.8 million professionals. But the industry continues to struggle with a significant workforce shortage, and it would take another 4 million professionals to close the gap.
That would mean an increase of 145% cybersecurity workers, according to the findings of the (ISC)² Cybersecurity Workforce Study 2019. The study, released this week, represents the first estimate of how many people are employed in cybersecurity. Countries covered by the study are the U.S., U.K., Canada, Germany, France, Australia, Singapore, Brazil, Mexico, Japan and South Korea.
According to the findings, U.S. organizations currently employ 804,700 cybersecurity professionals, and it would take a 62% increase to fill the current shortage of 498,480 workers. The gap in Asia Pacific is 2.6 million and 291,000 in Europe. The shortage makes it harder for organizations to effectively address cyber threats.
The study does not cover China and India because of the “the limited information available about the size of the business sector in these markets.” Both countries have huge populations and experienced rapid economic growth; adding them would likely lead to overstating the total number of cybersecurity professionals.
In previous years, the primary goal of (ISC)² workforce studies had been to estimate the workforce shortage. However, this time the organization set out to calculate the size of the workforce in addition to the skills gap. Performing this workforce calculation gives organizations worldwide a better understanding of what’s required for success in the cybersecurity age.
The cybersecurity workforce shortage of 4 million represents an increase of roughly one third from nearly 3 million in 2018. The study attributes the increase primarily to a surge in hiring demand.
Understandably, there is some urgency to beefing up cybersecurity teams since cyber attacks continue to be a major problem for organizations of all shapes and sizes. Cyber risks are a top business concern for CEOs across the globe.
The data comes just one day after the introduction of a new cybersecurity workforce expansion bill to the U.S. Senate, known as The Harvesting American Cybersecurity Knowledge through Education Act, which seeks to incentivize the recruitment of educators in the field, design clear paths for professionals and increase coordination between agencies.
The 2019 Workforce Study found that 65% of organizations are grappling with a shortage of cybersecurity staff. The lack of qualified professionals is the top concern (36%) of survey respondents, who worry more about the shortage than a lack of resources to do their jobs (27%) and inadequate budget (24%). The shortage creates moderate or extreme risks for organizations, according to 51% of respondents.
Respondents in the survey covered a range of cybersecurity roles, including CISO, IT director, security analyst, security administrator and compliance officer. The study polled 3,237 individuals responsible for security/cybersecurity, more than double the number in the previous study (1,452).