The Oxford University Press, custodian of the Oxford English Dictionary, chose “brain rot” as the word of the year. However, we would challenge that choice and say that a more appropriate and meaningful word to sum up 2024 would be “disruption”.
There is little doubt that this year has been filled with technology and cyber security disruption thanks to the rapid evolution of artificial intelligence and the continued march of digitalisation in every facet of work and life. Combined with economic and global geopolitical disruption, these have created a highly challenging and changed environment for both cyber security professionals and the criminal actors perpetrating increasingly sophisticated attacks.
This was among the key findings in the recently published 2024 ISC2 Cyber Security Workforce Study. This annual, independently conducted research project, commissioned by ISC2, provides valuable information for our members, cyber security employers and the wider cyber security professional sector. It looks at the global cyber security workforce, and earlier this year it surveyed a record 15,852 practitioners and decision-makers around the world. The study assessed the operating conditions professionals are dealing with and sought to understand the composition of the talent and skills base. This included looking at the size of the active workforce and its skills shortages and opportunities.
A Challenging Year
The state of the global economy has resulted in staff and budget reductions. We have seen an increase in the perceived number of people needed globally to adequately secure organisations, yet employers in several regions are cutting back on hiring and the professional development of their cyber security teams. In the UK specifically, the active workforce reduced by an estimated 4.9% to 349,360.
However, this was not a reflection of falling need, but rather of the past year's economic and other pressures on cyber security teams, which have often been insulated from organisation-wide workforce reductions because of ongoing understaffing. At the same time, this year’s study revealed that organisations are experiencing acute skills shortages, which are only exacerbating existing workforce shortages.
The Need for Skilled Cyber Professionals
Globally, almost 60% of respondents agree that skills gaps have significantly impacted their ability to secure the organisation, with 58% stating it puts their organisations at a significant risk.
The study revealed that 90% of organisations overall have skills gaps within their security teams. In particular, over one third of respondents cited AI as the biggest skills shortfall in their teams. This was followed by cloud computing (30%), zero trust (27%), incident response (25%), application security and penetration testing (both 24%).
Survey respondents in the UK were asked about skills shortages in their organisations based on the UK Cyber Security Council’s list of job categories. This revealed the most significant talent and skills shortages are in digital forensics (35%), cyber threat intelligence (31%), secure system architecture and design (27%) and security testing (26%).
Some industries have notably higher skills gaps in certain disciplines. For instance, respondents indicated that security teams in consulting have the highest AI skills gaps. Meanwhile, security teams in education, government and the military reported the highest shortages of zero trust implementation skills. When it comes to safeguarding critical infrastructure from cyber security issues, utilities providers and manufacturing security teams collectively have the highest operational technology (OT) security skills shortfalls. Both sectors have the highest exposure to new and legacy OT, and both are experiencing significant digital transformation that is turning more OT into connected infrastructure, so the skills challenge this creates for cyber security teams is a stark one.
For cyber security professionals looking for guidance on where to focus their career efforts, several industries globally are at heightened risk from a lack of professionals with in-demand cyber security skills. These include construction, government and healthcare (20% in each sector reported a critical skills shortage), aerospace, military and telecoms (19% each), education (18%), retail and entertainment (17% each), and hospitality (16%).
Aligning Skills with Employer Needs
At a time when cyber security roles are under pressure, it’s essential that the skills a professional can bring to an organisation align with what hiring managers are seeking. The study revealed that the most in-demand skills from the perspective of hiring managers are strong problem-solving abilities (31%), teamworking (28%), eagerness to learn (26%) and strong communication skills (25%). Only then do we get into technical skills such as cloud security (19%), risk assessment (14%), security engineering (14%) and GRC (13%).
These figures serve as an important reminder to cyber security professionals that technical skills need to be blended with essential non-technical abilities to effectively respond to business needs.
Despite the clear need that the study showed for more cyber professionals, growth in the cyber security workforce has slowed for the first time since ISC2 began estimating the workforce size six years ago. Pressure on hiring and professional development budgets has now fed through to the core cyber security workforce, and organisations now face significant skills shortages at a time when threats and technology are evolving at breakneck speed. Momentary economic restraint may seem financially prudent, but professionals have made it clear that organisations face greater risks as a result of stalled workforce growth. Investment in skills development and enabling the next generation of cyber security professionals to enter the workforce, learn from their peers and be ready to step up when needed are more crucial than ever before, especially as we head into such a rapidly changing AI-driven world.
About ISC2
ISC2 is the world’s leading member organisation for cyber security professionals, driven by our vision of a safe and secure cyber world. Our nearly 675,000 members, candidates and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications — including cyber security’s premier certification, the CISSP® — enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cyber security profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educate those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook and LinkedIn.