7 Shocking Facts About the State of the Cybersecurity Workforce

By Danielle Arad - January 12, 2017
4 min read

In a world of constant cyber-attacks and massive data breaches, cybersecurity is more important today than ever before. And, as even more of the world gets connected and as we collect ever more data, that need for cybersecurity is going to keep on growing. So, surely businesses, governments and other organizations are reacting by making huge investments in hiring and fostering talent? You would imagine it’s among their top priorities to keep their cybersecurity teams’ world class, efficient and cutting edge, right? As only the most highly trained, capable and competent employees can limit your risk of cyberattack and protect you now and into the future.

And this makes it all the more shocking that, in reality, few organizations are really dealing with the cybersecurity resource challenge properly. Below are seven shocking facts about the real state of the cybersecurity workforce today.


Learn how to resolve this problem in our free whitepaper – Cat and Mouse: Resolve the Training Challenge for Cybersecurity Staff


1. 82% of IT professionals say there is a shortfall

Intel’s recent international study found that a huge 82% of IT professionals say there is a shortage in cybersecurity talent within their organizations. This means that the existing cybersecurity team in most companies is overstretched, and each employee is effectively having to do more work than they would if the team was fully staffed. The obvious result? Existing staff are more likely to burnout, become stressed, tired and, inevitably, make mistakes.

2. This staff shortage is a direct cause of breaches

The same Intel survey revealed that 1 in 4 organizations have lost proprietary data as a direct result of these cybersecurity gaps. Either because existing staff are overworked, or because individuals simply don’t have the most up to date knowledge about a specific risk or technology, breaches have occurred.

3. 3 out of 4 believe governments are failing to invest

McAfee surveyed IT professionals around the world about skills shortages and found that 76% of respondents felt their government was failing to invest enough in cybersecurity talent. Governments need to take more responsibility to invest in skills and cloud based training for the next generation.

4. Cybersecurity shortages are worse than in other IT jobs

In the same McAfee survey, 53% of respondents agreed that, compared to the general IT workforce, the shortage in cybersecurity is significantly bigger. Even among regular IT staff, there’s widespread recognition that there are not enough people in the business who have the skills required to keep the company safe and secure.

5. Demand will just keep on growing

A study from the USA’s Bureau of Labor Statistics predicted that by the year 2024, the demand for cybersecurity analysts will grow a further 18%. So, unless businesses begin investing in acquiring and nurturing talented cybersecurity staff now, they risk having to face even more intense competition to hire the best talent out there. Further—according to Forbes, this skills shortage is pushing salaries through the roof, making talent acquisition an extremely expensive process.

6. Employers know they need to offer more cloud based training

For too long, employers have expected cybersecurity staff to come to them as the ‘complete package’. They want cybersecurity staff to simply know everything, yet as the diversity of cyberattacks keeps on growing, this approach is redundant. According to Kaspersky Lab, 27% of organizations admit that they need to take more responsibility for offering internal training and they need to offer more graduate schemes, too.

7. Employers know they have problems but don’t do enough about it!

Perhaps the most shocking fact of all is that the majority of organizations know their cybersecurity teams have a skills shortage, yet they’re not really doing anything about it! According to QA, a whole 57% of businesses admit they do not have the right balance of skills to protect themselves. Despite this, only 22% plan to actually invest in upskilling their current security teams.


How should an IT leader respond to this issue?

A healthy cybersecurity workforce is more important today than it has ever been. And, its importance will inevitably keep on growing in the coming years. It is a worrying fact, then, that there are so many shortages currently in the industry – both in terms of basic supply and a lack of training.

What can businesses do to overcome these challenges? We believe it is time to start thinking strategically; planning to employ more resources to fill your gaps, but also to invest heavily in the staff you already have and provide them with realistic, hands-on, cloud based training. This will ensure they are constantly prepared to deal with the latest security threats and will be able to act faster and more effectively when attacks do happen.

We explore this issue in greater detail in our free whitepaper: Cat and Mouse: Resolve the training challenge for cybersecurity staff.

cybersecurity training