Firms still feeling strain of cyber skills deficit despite workforce surge

Female cyber security analyst with glasses working on computer
(Image credit: Getty Images)

Growth in the cyber security workforce is still marred by a major skills deficit as talent flows continue to place strain on organizations, according to ISC2.

Findings from ICS2’s 2023 Cybersecurity Workforce Study show the global cyber workforce now stands at 5.5 million, marking an increase of 8.7% from 2022. This increase translates to an additional 440,000 jobs in the sector worldwide.

This represents the highest number of security practitioners ever recorded by ISC2. However, the organization warned that demand continues to outstrip supply and the workforce gap has reached a record high of 14 million. 

"While we celebrate the record number of new cyber security professionals entering the field, the pressing reality is that we must double this workforce to adequately protect organizations and their critical assets,” said ISC2 CEO Clar Rosso.

According to 75% of professionals in the field, the current threat landscape is the most challenging it has been in the last five years.  

Among the challenges impacting cyber security professionals are economic uncertainty, artificial intelligence (AI), fragmented regulations, and skills gaps.

The skills gap was specifically highlighted as a key hurdle faced by professionals and organizations globally. The study shows 92% of cyber security professionals reported skills gaps at their organization.

In particular, this deficit was found to be negatively impacting areas such as cloud security and limiting organizations’ ability to implement robust zero trust practices. 

A lack of skills is also impacting the use of artificial intelligence and machine learning at a raft of firms, the study found.

Nearly half (47%) of cyber security professionals have no or minimal knowledge of AI, the report found, and see cloud computing security as the most sought-after skill for career advancement. 

Workforce layoffs are also exacerbating the situation in cyber security, ISC2 found. 

More than half (51%) of firms that have had layoffs in cyber security staff were impacted by one or more significant skills deficit compared to just 39% of organizations that had not had layoffs. 

This is compounded by wider economic uncertainty, with 47% of respondents reporting they experienced cutbacks, including budget cuts and freezes in hiring and promotions. 

The cyber skills deficit is harming threat response

The study indicates that this has resulted in drops in the efficacy of threat responses. 

Two-thirds of respondents said cutbacks negatively impacted their productivity, team morale, and increased their workload. Furthermore, 57% of cyber security professionals said their response to threats has been inhibited by cuts while 52% observed an increase in insider risk-related incidents. 

Firms are taking action to address this situation, however. Respondents noted their organizations are increasingly adopting new strategies to strengthen security teams. 

72% of respondents said their organization is investing in staff training while 68% revealed they have increased funding for diversity, equity, and inclusion (DEI), programs to cater to a wider variety of prospective workers. 


A whitepaper from Meta discussing seven training challenges VR can help you solve

(Image credit: Meta)

Learn in VR: The beginner's guide

Discover how VR can help solve training challenges 


67% of organizations are also ramping up hiring to tackle their own internal skills deficits and bolster workforce numbers, the study found. 

Diversity and inclusion in cyber security has traditionally been a weak area for the sector and the study revealed that there is still room for improvement. 

At present, women represent just 26% of cyber security professionals under the age of 30. 

Implementing skills-based hiring was shown to have a positive impact in this regard as organizations that adopted this approach observed an average of 25.5% women in their workforce, compared to 22.2% of firms that haven’t. 

The gender deficit in cyber security has been a recurring issue in the space for several years now. A recent study by the UK government found the number of women in cyber dropped over the last year, sparking concerns that efforts to boost workforce diversity are falling flat.  

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.