Shortage of IT Security Professionals not Unique to Government

Olivier Le Moal/

The information security workforce gap isn’t a federal government problem; it’s a worldwide problem.

The federal government is not the only entity struggling to fill its ranks with talented information security professionals. The entire world appears to be in the same boat, according to a new study.

Conducted by growth consulting company Frost & Sullivan, the (ISC)² Global Information Security Workforce Study polled almost 14,000 information security professionals around the world. Twenty percent of those polled indicated they were government employees. 

The survey discovered a clear consensus: The world is not producing enough information security professionals to keep up with demand.

“A perfect storm is enveloping the information security workforce with the resulting wake being a widening gap between the number of security professionals needed and the actual number available to be hired,” the report stated.

More than 60 percent of respondents said their organizations currently have too few information security workers. That's up 6 percent from from the same survey in 2013.

Two years ago, the majority of the survey’s respondents stated the dearth was because of insufficient funds, or “that business conditions could not support additional personnel.”

This year, respondents said the personnel shortage is because organizations have a difficult time finding qualified workers has climbed by 8 percent since 2013.

Although the number of information security professionals is expected to surge by almost 200,000 people over the next year, it won't be a quick enough, according to the report.

Over the next five years, the expected shortfall -- the difference between the projected workforce demand and the number of professionals predicted to actually be in the field -- is 1.5 million, according to the report.

The shortfall appears to have little to do with job conditions. More than three-fourths of the poll’s respondents said they were either “somewhat satisfied” or “very satisfied” with their job.

On average, the annual salary of those polled was nearly $100,000.

Cybersecurity has topped the report’s list of security concerns for the past two surveys. In 2015, almost 75 percent of respondents said they found application vulnerabilities and malware to be a concern.

To combat the information security workforce shortage, organizations are expected to spend more on security tools and technologies, according to the report. Over half of respondents stated they anticipate a boost.

The survey also found almost one-third of those polled expected their organizations to spend more money on outsourcing.

But the report didn't foresee these changes fully making up for the lack of qualified cyber job candidates. It suggested organizations adopt a proactive approach to both security awareness and accountability.

“Needless to say, a lack of action will aggravate the shortage,” the report concluded. 

(Image via Olivier Le Moal/