Even though technology budgets have increased, companies are still vulnerable to attacks due to a major cybersecurity workforce gap. For some reason, the gap has widened to a staggering 3 million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA), according to a study by (ISC)2. To reach this conclusion, a number of factors were analyzed, including how many organizations have cybersecurity roles open.
The most serious deficiency of security professionals is seen in the APAC region, at approximately 2.15 million, “in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region,” says the report. North America registers the second-highest shortage, at 498,000, whereas EMEA has a 142,000 shortage and Latin America 136,000. Some of the factors contributing to the staffing shortage are unclear career paths for cybersecurity roles (34%), lack of organizational knowledge of cybersecurity skills (32%) and the cost of education to prepare for a cybersecurity career (28%).
Some 63 percent of professionals said their companies lack a dedicated cybersecurity team, while 59 percent are concerned this puts their organization at “moderate or extreme risk” of cyberattacks. Despite this, they are happy in their jobs and concentrate on professional development by gaining new skills. For example, 54 percent plan on getting cybersecurity-certified in coming months. Extensive improvement is sought in key fields such as cloud computing security, penetration testing, threat intelligence analysis and forensics.
“This research is essential to fostering a clearer understanding of who makes up the larger pool of cybersecurity workers and enables us to better tailor our professional development programs for the men and women securing organizations day in and day out,” said (ISC)2 CEO David Shearer, CISSP.
“By broadening our view of the workforce to include those with collateral cybersecurity duties within IT and ICT teams, we discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women.”
A widespread practice is for IT teams to spend about 25 percent of their time on cybersecurity-related tasks, even though they don’t have explicit cybersecurity roles, says (ISC)2. Since it has become their number one priority, almost half of respondents are confident that, in the following year, their enterprises will benefit from a significant increase in cybersecurity roles to reduce vulnerabilities and increase company security.