Despite the fact that the number of people employed in cybersecurity is at an all-time high, a shortfall of around 3.4 million workers remains. Nearly 70% of cybersecurity professionals feel their team is not big enough - and over half believe this lack of staff puts their organisation at moderate or severe risk of an attack. 

  • The cybersecurity workforce gap is growing by 26% annually. The gap is getting bigger the most in EMEA and APAC. Interestingly, Singapore’s workforce gap seems to be closing – the gap is shrinking by 61% annually. 

2022 Cybersecurity Workforce Gap

(The Cybersecurity Workforce Study (ISC)²)

  • What are the biggest causes for these shortages within organisations? 43% of respondents say they can’t find qualified talent, 33% say it is attrition and turnover, 31% say it’s the lack of competitive salary, and 28% quote a lack of budget.

  • Companies are trying to address the gap by providing more flexible working conditions (64%), investing in training (64%), recruiting new staff (62%), investing in certifications (58%) and focussing on diversity in their workforce (57%).

  • Company culture plays a big role in the workforce gap. The high demand for cyber professionals means that employees are increasingly free to choose where and how they work and look for cultures that fit their lifestyles best.

  • Remote working is no longer seen as a benefit but an expectation. Over half of employees would consider leaving if they were no longer allowed to work remotely.

  • Diversity is also important for workplace satisfaction. 30% of female and 18% of non-white employees said they feel discriminated against at work, demonstrating that work needs to be done to support staff of all backgrounds and implement hiring programs to boost diversity.


Why does this matter for businesses?

  • Companies need to understand what specific gap in the cyber workforce they have.

  • The study finds that the most impactful organisational initiatives in reducing worker shortages were those that took advantage of internal talent programs like rotational job assignments and mentorship programs.

  • HR plays a key role. Cybersecurity hiring managers might know best what kinds of candidates to look for; HR managers are more likely to have the expertise in finding and attracting those candidates.