Global Cyber Workforce Needs 3.4 Million Professionals to Fill Gaps, Study Finds

XH4D/Getty Images

The survey also found that government cyber workers reported the least confidence in their ability to mitigate security threats over the next couple years “based on their current staff and tools.”

Although the global cybersecurity workforce has increased by 11.1% since last year, millions of cyber professionals are still needed to adequately protect their organizations and entities from security risks, according to a study released by a nonprofit consortium of cybersecurity professionals on Thursday. 

The 2022 Cybersecurity Workforce Study, conducted by (ISC)², surveyed 11,779 cybersecurity professionals worldwide to learn more about their experiences working in the profession. The report estimated that there are 4.7 million cyber professionals in the workforce in 2022, which it said was “the highest we’ve ever recorded.” But despite identifying workforce gains across all global regions—from North America to the Asia-Pacific—the study found that there is still a “worldwide gap of 3.4 million cybersecurity workers.”

“While the cybersecurity workforce is growing rapidly, demand is growing even faster,” the report said. “(ISC)²’s cybersecurity workforce gap analysis revealed that, despite adding more than 464,000 workers in the past year, the cybersecurity workforce gap has grown more than twice as much as the workforce, with a 26.2% year-over-year increase, making it a profession in dire need of more people.”

The overwhelming majority (70%) of cyber professionals surveyed in the report said that their organizations do not have enough cybersecurity employees to mitigate potential cyber risks, with the shortage “particularly severe in aerospace, government, education, insurance and transportation.”

“More than half of employees at organizations with workforce shortages feel that staff deficits put their organization at a ‘moderate’ or ‘extreme’ risk of cyberattack,” the report said. “And that risk increases substantially when organizations have a significant staffing shortage.”

According to the study’s findings, government cybersecurity professionals reported the lowest confidence (61%) of all surveyed sectors in their ability to adequately mitigate security risks. And only 42% of surveyed government cyber professionals were “confident in their ability to mitigate long-term risks based on their current staff and tools,” making it the least confident sector in terms of workers’ ability to respond to cyber incidents over the next two to three years. These concerns were further exacerbated by growing workloads, with 53% of government cyber professionals reporting an increase in work, as a result of data breaches and other security threats.

"As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field," (ISC)² CEO Clar Rosso said in a statement. "The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective."

Despite the challenges reported by cybersecurity professionals, the report found that roughly 75% of all respondents reported being somewhat satisfied or very satisfied with their jobs. And surveyed professionals also expressed confidence about the future of the cyber workforce, with 72% of total respondents reporting that they “expect [their] staff to increase somewhat or significantly” within the next 12 months.

“This is the highest predicted growth rate over the last three years, compared to 53% in 2021, and 41% in 2020,” the report noted. “It suggests an optimistic outlook on the future of the cybersecurity profession’s growth, despite current and near-term risks.”