Cybersecurity workforce is growing, but staff shortages still put businesses at risk

Dive Brief:

The cybersecurity workforce grew to 4.19 million professions this year, a 20% increase over 2020, thanks to the addition of 700,000 professionals, according to the 2021 (ISC)² Cybersecurity Workforce Study released Tuesday. The research is based on a survey of 4,753 global cybersecurity professionals, conducted in collaboration with Aberdeen Strategy and Research.
The U.S. cybersecurity workforce saw a 30% increase in 2021, growing from 879,157 cybersecurity workers in 2020 to more than 1.1 million in 2021. Despite the growth, 60% of respondents said their organizations face direct risks because of staff shortages.
One-third of respondents cited system misconfigurations as a consequence of staffing shortages. Three in 10 respondents also blamed staffing shortages for not allowing enough time for proper risk assessment and management, and making organizations slow to patch.

Dive Insight:

Effective cybersecurity is not just modern technology implementation. Cybersecurity leaders want more investments in talent, too.

"The greatest contribution we can make to making a difference in the cyber ecosystem is to address the human factors, the people piece of that," National Cyber Director Chris Inglis said during his June confirmation hearing. The federal government has a role to play in developing more cyber talent, Inglis said.

The federal government "has the convening power such that we can have the venues where we can exchange best practices, it has the power to create ideas, initiatives to perhaps inspire people to think about talent development in a fundamentally different and new way," he said in his hearing. "It has the ability to curate and to share," in how the U.S. develops its critical thinking skills and cyber literacy as early as possible in grade school.

The lack of a sufficient cyber skills pipeline is contributing to the current talent crunch. Almost half of respondents say their organization needs staff to securely provision, analyze and protect and defend.

Cybersecurity tends to favor problem-solvers, with technical expertise coming later. "There's a role for everyone, and it can perhaps help us redefine what it means to be a cyber literate society," Inglis said.

Cybersecurity professionals have always had diverse backgrounds, and that isn't changing. More than half of today's cyber talent comes from backgrounds outside of IT, the survey found. Of those professionals, 17% came from entirely unrelated fields, 15% started in cybersecurity by way of certifications, and 15% learned cybersecurity on their own.

The makeshift approach to learning cybersecurity skills is a decades-old concept. The difference now is, there is more cyber-specific training available, as opposed to piecemeal resources.

Backgrounds outside of IT are more common for Gen Z and millennials in the cybersecurity workforce; only 38% of younger generations transitioned from IT, compared to 53% of Gen X and Baby Boomers.

"This may indicate that cybersecurity is becoming better understood as a career opportunity for younger workers and students, but more effort is needed to ensure this broad and nuanced profession is less reliant on IT as the predominant pathway," (ISC)² said.