The global cybersecurity workforce grew just 0.1% year-over-year to an estimated 5.5 million people, reflecting a stall in the sector for the first time since 2019, ISC2 said in a report released Wednesday.

Cybersecurity jobs grew 8.7% in 2022, according to the non-profit industry association, which offers training and certifications for cybersecurity professionals.

ISC2’s annual report draws some troubling conclusions for the state of cyber defense at large, with increased budget cuts, layoffs and hiring freezes exacerbating a global staffing shortage.

Some of the findings in the report, based on a survey of nearly 16,000 cybersecurity practitioners globally, reflect a downward trend. One-quarter of the respondents reported layoffs in their organizations this year and nearly 2 in 5 observed budget cuts and hiring freezes.

The gap between the active workforce and what ISC2 said is the "perceived" unmet need for additional cybersecurity professionals grew 19% to 4.8 million jobs globally. The industry association estimates the total workforce needed to satisfy demand jumped 8% to 10.2 million people last year.

“The survey shows that broadly the workforce has stayed steady, growing slightly, but the gap has grown away from us, and the ability to fill that budgetary-wise has been constrained,” said Jon France, CISO at ISC2.

ISC2 calculates the difference between active cybersecurity professionals and the need for more practitioners based on the number of roles survey respondents say is needed to properly secure their organizations.

Yet, just because there’s a need for more cybersecurity professionals doesn’t mean there’s a demand.

New cybersecurity job postings in the U.S. declined 5.4% year over year, as of May according to LinkedIn data, the largest decrease among 14 countries studied by the professional social network.

U.S. organizations support the largest active cybersecurity workforce globally. An estimated nearly 1.3 million people work in U.S. cybersecurity jobs this year, but that’s down 3% from almost 1.34 million professionals in 2023, according to ISC2.

Halting growth in the global cybersecurity workforce comes as nearly 3 in 4 professionals say the threat landscape is the most challenging it’s been in the last five years. ISC2 conducted the survey with Forrester in May.

A gap in capabilities also persists, with 9 in 10 respondents reporting skills shortages at their organizations, and two-thirds identifying skills gaps as a greater challenge to their organizations’ defense than staffing levels.

These disparities are amplified by internal talent development policies across some organizations.

Nearly 1 in 3 respondents said there were no entry-level professionals on their security teams, and more than 3 in 5 hiring managers with open roles on their teams were focused on hiring mid- to advanced-level roles.

Some factors weighing on the sector, such as economic uncertainty and business contraction in certain markets, are macro and outside the purview of the cybersecurity industry.

“This is just one year in a long continuum,” said Andrew Woolnough, EVP of corporate affairs at ISC2. “There's no reason to think that cybersecurity won't continue to grow and that businesses won't continue to invest in it.”

ISC2’s report comes a week after National Cyber Director Harry Coker Jr. unveiled a program to help fill a gap of available cybersecurity jobs across the U.S. The program aims to reach candidates without traditional qualifications, such as a degree in computer science or engineering.