As cyber attacks grow in volume and sophistication, so too does a major shortage in the cybersecurity talent market. This has meant that efforts made by organizations to overcome ever-sophisticated cyber threats are being hampered by a shortage of cybersecurity skills, fueled by the widespread “Great Resignation”.
The so-called Great Resignation of 2021, also known as the Big Quit and the Great Reshuffle, describes the elevated rate at which U.S. workers resigned from their jobs starting in the spring of 2021, amid strong labor demand and low unemployment. This has given way to what ISACA calls “an intense battle for talent” in the cybersecurity community, with 60% of enterprises across the globe experiencing difficulty retaining qualified talent.
Despite industry-wide efforts to reduce this gap, the world’s open cybersecurity positions in 2021 is enough to fill 50 NFL stadiums . According to Cyberseek, an initiative of the U.S. National Initiative for Cybersecurity Education and private partners, the U.S. has only enough cybersecurity workers to fill 68% of the jobs that employers are looking to fill.
In finance and insurance, the total number of cybersecurity job openings is 168,000, while the manufacturing industry is looking to fill almost 100,000 roles.
Across industries, the total number of job openings in cybersecurity comes in at almost 750,000, with organizations struggling to recruit across numerous positions including cybersecurity analyst, penetration tester, and network engineer.
The global reach of the cybersecurity talent shortage
The U.S. job market reflects a global supply and demand problem around recruiting candidates with cybersecurity certifications. While companies are looking to hire cybersecurity professionals in droves, the industry often requires that workers have certain credentials or certifications on top of education requirements, Will Markow from Cyberseek explains. An example is a CISSP certification, which is required for many top-level cybersecurity roles that are in high demand—and have high-paying salaries, to the tune of about $120,000.
“The cybersecurity workforce shortage is not going away,” according to ISACA’s State of Cybersecurity 2022 report. “It appears to be getting worse, perhaps influenced by job seekers considering flexible working hours a major factor in stay-or-go decisions.”
An increase in serious cyberattacks has highlighted the need to alleviate cybersecurity’s labor issue. Colonial Pipeline, for example, was openly searching for a cybersecurity manager just weeks before a massive ransomware attack forced the utility provider to temporarily shut off its fuel pipeline—the largest fuel pipeline in the United States—and pay $4.4 million in ransom to restore network access. Hackers stole data from a traditional file share using a virtual private network account with a compromised password that had been leaked on the dark web.
Less talent, more vulnerability
Having skilled resources on hand is key for managing and effectively responding to the sophisticated threats that organizations face, and for making sense of the hugely complex technologies that have been developed to do this.
It’s not just major incidents that highlight the need, either; a recent survey showed that a huge amount of organizations worldwide (80%) have experienced data breaches that have been directly linked to a lack of adequate cybersecurity skills and/or awareness.
While staffing remains the hardest challenge across every cybersecurity team, it’s not an easy problem to solve. Some HR experts believe the cybersecurity skills shortage can be, in part, remedied by a more diverse approach to hiring, while others advocate for encouraging early STEM education, in turn adding more skills to the future workforce.
Unfortunately, these are not solutions that will solve the problem now, which is why organizations need to look outside of hiring and re-skilling in order to overcome the talent shortage facing their business.
MDR can help overcome the skills gap
Managed Detection and Response (MDR) can help organizations bridge the talent gap and stay on top of threat prevention, detection, and response by providing on-demand access to full-time threat analysts, investigators, and incident response experts.
MDR providers deliver around-the-clock monitoring, sophisticated threat detection, and remediation capabilities. This means that while these are tasks usually handled by skilled cybersecurity professionals, MDR can play a vital role in supporting an understaffed organization’s ability to mitigate cyber threats, while helping security teams struggling with staffing shortages, alert fatigue, and a need to streamline operations.
Bitdefender Managed Detection and Response gives you 24x7 access to an elite team of cybersecurity experts. Our service is also backed by industry-leading, trusted Bitdefender security technologies like GravityZone eXtended Detection & Response (XDR).
Learn more about how Bitdefender's Managed Detection and Response (MDR) can help alleviate talent shortages.