The security skill shortage isn’t unique to the U.S. According to data in the 2024 Cybersecurity Workforce Study from ISC2 Research, the cybersecurity skills gap is continuing to widen globally. ISC2 Research surveyed some 15,852 cybersecurity practitioners and decision-makers globally, receiving responses from Africa, Asia-Pacific, Europe, Latin America, the Middle East, and North America and found that the size of the cybersecurity workforce remains mostly static.
That means existing roles might not have been lost amid cost-cutting efforts, but economic and other concerns have “canceled out any net new job growth.” The decrease in new cybersecurity job postings shows there have likely been reduced opportunities for hiring and promoting security talent in the past year.
“It also highlights a concerning shortage of entry points for new talent and a lack of opportunities to address skills and personnel shortages with new talent and on-the-job learning,” the report states.
The ISC2 survey found that 90% of organizations reported having skills gaps within their security teams. Among the skills noted in the 2024 ISC2 Cybersecurity Workforce Study as lacking are:
- Artificial intelligence/machine learning: 34%
- Cloud computing security: 30%
- Zero Trust implementation: 27%
- Digital forensics and incident response: 25%
- Application security: 24%
- Penetration testing: 24%
- Threat intelligence analysis: 20%
- Security engineering: 20%
- Malware research/analysis: 20%
- GRC: 20%
- SecOps: 20%
- Risk assessment, analysis, and management: 19%
- Security analysis: 18%
ISC2 Research recommends employers find ways to attract new people to cybersecurity with realistic expectations and in-role professional development. It is critical with the skills shortage to embrace a hiring strategy based on a diverse array of people and skills, and not only look to pre-qualified individuals, according to the ISC2 Research report.
“The onus is on employers to address the disparity through better communication of needs and rationalization of expectations (not expecting professionals to already have unachievable years of experience and industry certifications in a recently relevant discipline like AI, for instance),” the report states.
