Recently, the International Information Systems Security Certification Alliance (ISC2) released the 2023 Global Cybersecurity Talent Development Report. Through interviews with 14,865 cybersecurity practitioners and managers around the world, the report provides an in-depth analysis and analysis of the current state of cybersecurity talent development and the challenges faced.
The report points out that with the acceleration of global digitalization, the cybersecurity industry is facing unprecedented pressures and challenges. The task of protecting the world's infrastructure and systems from attacks is becoming increasingly daunting, and cybersecurity practitioners need to constantly adapt and respond to an increasingly complex and changing threat landscape.
The researchers found that the cybersecurity industry, which is "tasked with protecting the world's infrastructure and systems from attacks," is facing significant uncertainty, with slowing economic growth, rapidly emerging new attack vectors, poor regulatory requirements, and a widening expertise gap threatening to undermine cybersecurity practitioners' ability to respond effectively to threats.
Here are the 10 key findings from the report:
1. The demand for cybersecurity talents and professional skills continues to expand
According to ISC2**, the size of global cybersecurity practitioners will reach 5.5 million in 2023, an increase of 8 from 20227%, nearly 440,000 new jobs.
2. The reduction of the cyber security budget has a serious negative impact on the development of professional talents.
The current macroeconomic environment has led to rising costs, falling revenues, and labor shortages becoming the norm, with surveys showing that 47% of cybersecurity workers have experienced cuts directly related to cybersecurity. Nearly two-thirds of professionals say layoffs also reduce productivity, teamwork, and the ability to respond to emerging threats.
3. The shortage of professionals and skills will persist for a long time
Despite the high demand for cybersecurity personnel, there will be a severe shortage of cybersecurity personnel and skills gaps for a long time. The most common are cloud computing security, artificial intelligence, machine learning, and zero trust implementation areas.
4. Work experience of network security professionals is more important than academic qualifications.
Advanced cybersecurity experience (86%) is preferred over PhDs (14%), and curiosity, communication, and certification are becoming increasingly important for professional cybersecurity professionals, a rising trend that reflects the demands of the modern risk landscape. In an industry characterized by instability, organizations need professionals who are knowledgeable, adaptable, and able to deliver information effectively.
5. Cybersecurity professionals are facing an unprecedented threat landscape
Seventy-one percent of respondents believe that economic uncertainty increases the risk of malicious insiders, the second most significant challenge after employee skills shortages (38 percent). What's more, half of all cybersecurity professionals who participated in the study had direct or indirect contact with malicious insiders in the past year.
6. Job satisfaction has declined slightly, but it still maintains a high level
Surveys show that despite severe instability, an uncertain economy, and a challenging threat environment, cybersecurity workers remain highly satisfied with their jobs. 70% reported that they were somewhat or very satisfied with their current job, down just 4% year-over-year.
7. A large number of mature IT professionals have begun to enter the field of network security
The volatile economic environment presents challenges to the cybersecurity industry, but it also presents opportunities. Technological layoffs have given more people the opportunity to get more involved in cybersecurity, with 80% of cybersecurity professionals believing that there are more ways to get into cybersecurity today than in the past, and companies are changing their hiring requirements to hire more people from non-cybersecurity backgrounds as more candidates with technical experience but no cybersecurity experience increase.
8. Enterprises have the greatest demand for cloud computing security professionals
As with the pathway into the field, the demand for new cybersecurity skills is constantly evolving. Cloud computing security remains the most sought-after technical skill, but it is in short supply. For the second year in a row, cloud computing security (32%) is the most desired skill for cybersecurity hiring managersIn addition, risk assessment, analysis and management (31%);Security analysis (28%);Safety engineering (28%) is also an attractive skill for future employees.
9. The demand for AI ML talents is growing rapidly
While AI ML capabilities aren't currently the primary need for hiring managers, the demand for AI skills is growing in the eyes of the average cybersecurity professional. In the coming years, as AI matures, the demand for this skill is likely to surge and impact all aspects of cybersecurity threats and defenses.
10. Ongoing education and training is an effective way to close the cybersecurity skills gap in enterprises
Organizations are working to alleviate talent and skills shortages
While there is a prevalent cybersecurity talent and skills gap in organizations, businesses can mitigate the cyber risks posed by staffing shortages and skills gaps by:
Take steps to prevent or alleviate staffing shortages.
Upskill existing employees.
More detailed content and data support is available in the full report!