While much has been made over the past several years of the cybersecurity talent gap, it feels like in some circles, little attention has been given to the strides the industry has taken as a whole.
There is a tangible gap between filled and unfilled skilled roles but whether its growing or shrinking depends on who you ask.
According to a new study - the 2021 (ISC)² Cybersecurity Workforce Study - released today, the gap is actually down for the second year in a row to 2.72 million individuals. Last year at this time the gap was around 3.12 million.
(ISC)², a nonprofit group that regularly puts on cybersecurity trainings, surveyed nearly 5,000 individuals working in the field for the study. As far as the report goes, (ISC)² views the cybersecurity gap figure as the number of skilled workers needed to adequately defend critical assets worldwide. Specifically, the group predicted the number of hiring organizations, estimated each one's security team, and accounted for anticipated hiring demand for the year.
According to its findings, the global cybersecurity workforce still needs to grow 65% to reach the point where every company's personnel needs are fully met. This of course is a constantly changing figure - as the gap grows, it outpaces demand.
A void is still a void however. According to the report, more than two thirds of those who responded claimed they've experienced a cybersecurity staffing shortage at their organization, something that's put them at risk.
Around a third of respondents said a shortage in staff has led to real life impact, including rushed deployments, misconfigured systems, and a lack of time for risk assessment and management
On the other side of the gap is the number of workers actively employed across the field: 4.19 million, up 700,000 from last year, an encouraging figure despite the challenges COVID-19 has dealt to companies, many which still have employees working from home.
In fact, according to the report, only 24% of companies across the globe have plans to fully return to a conventional office environment, fewer - 15% - want to return in general.
It’s probably not a huge surprise, given the dramatic shift in the workforce, that organizations have encountered new challenges when it comes to keeping workers and their data safe. Respondents said they struggled with rolling security awareness out for fellow employees, the rapid deployment of new collaboration tools, and keeping up with new threats, many geared at exploiting the weaknesses of remote workers.
That's sparked a need for improved security across the board. When asked what businesses need to improve their security in a WFH world, respondents said cloud infrastructure (45%), endpoint security (36%), application security (34%), mobile device management (33%) and a zero-trust security approach (32%).
Elsewhere in the survey, there are numbers that help reinforce popular narratives over the last couple of years, like that having a laundry list of technical skills and certifications mean you're qualified for a cybersecurity job. According to the report, having strong communication skills, problem-solving abilities, and an eagerness to learn - all non-technical skills - are just as important to respondents as a certification or relevant cybersecurity experience.
While (ISC)²’s report suggests the cybersecurity workforce gap has shrunk for the second straight year, it runs counter to recent findings made from analyst/research firm ESG and Information Systems Security Association (ISSA).
In a report issued over the summer, those surveyed said the skills gap has impacted more than half (57%) of organizations. 95% of respondents said the skills shortage has not improved over the past few years; 44% say it has only gotten worse.
While ESG and ISSA's study was also global, it interviewed 489 cybersecurity professionals compared to (ISC)'s 4,753.
