Despite the fact that 90% of organizations have unfilled positions or underskilled employees on their cybersecurity groups, hiring for these jobs has, for the primary time in six years, floor to a halt.
That is in accordance with the 2024 ISC2 Cybersecurity Workforce Examine, which discovered that the worldwide workforce has held regular at 5.5 million individuals year-over-year, recording only a negligible 0.1% improve from 2023 (although some pockets of elevated cyber hiring stay).
To place that in perspective, final yr, the cybersecurity workforce grew 8.7% year-on-year, regardless of declining funding in expertise and cyber platforms.
The primary driver for 2024’s job market inertia is easy: a scarcity of finances for including head depend and upskilling. A full 67% of respondents to the ICS2 survey cited finances as their high trigger for staffing shortages, changing final yr’s No. 1 cited motive for empty positions, which was a lack of certified expertise.
Despite the fact that 74% of respondents stated the menace panorama is probably the most difficult they’ve skilled previously 5 years, “professionals are feeling the influence of declining investments within the cybersecurity workforce, together with finances cutbacks and layoffs, [which affects] workforce satisfaction, the event of organizational safety, the adoption of recent applied sciences, and extra,” in accordance with the report.
.png?width=700&auto=webp&quality=80&disable=upscale "Source: 2024 ISC2 Cybersecurity Workforce Study")
Supply: 2024 ISC2 Cybersecurity Workforce Examine
Certainly, ISC2 discovered that cybersecurity job satisfaction has fallen from 74% in 2022 to 66% in 2024. Moreover, respondents stated that employee shortages have been their largest problem over the previous 12 months, however there is not any finish in near-term sight. In addition they predicted that shortages will proceed to be a major problem over the following two years.
“As financial situations proceed to influence workforce funding, this yr’s Cybersecurity Workforce Examine underscores that many organizations are placing their cyber groups below important pressure, risking burnout and attrition as job satisfaction charges fall,” stated ISC2 performing CEO and CFO Debra Taylor, in a press release.
In the meantime, greater than half of these surveyed (58%) imagine a scarcity of expertise places their group at important danger; 59% of respondents agree that expertise gaps have already considerably affected their capability to safe their organizations. The statistics bear this out: ISC2 discovered that organizations with crucial or important expertise gaps are virtually twice as prone to expertise a cloth breach in contrast with organizations that reported no expertise gaps.
The excellent news is that out of these already in cyber-related jobs, three-quarters (73%) stated they’re targeted on constructing their cybersecurity talent set, with 48% involved in studying extra AI-related expertise (greater than one-third of respondents cited AI as the most important expertise shortfall on their groups).
About half (52%) stated they’re targeted on hanging on to their positions by turning into a extra strategic contributor to their organizations.
AI to the Cyber Job Rescue?
If there is a silver lining to the perceived staffing scarcity, respondents imagine it can come from the yr’s hottest buzz class: generative synthetic intelligence (GenAI).
ISC2 respondents stated that AI and automation may have probably the most important influence on their capability to safe their organizations. A full 68% agree that inside the subsequent two years, they are going to have the ability to use GenAI successfully as a part of their roles. And a big majority (80%) stated their cybersecurity talent set will likely be extra necessary in an AI-driven world.
“AI is seen by professionals as an answer to strengthen their organizations’ safety and create new efficiencies for his or her groups,” Taylor stated. “In addition they view successfully managing danger related to AI adoption and its strategic significance to their group’s future success as profession progress alternatives for themselves and their friends. Organizations and cybersecurity leaders should acknowledge how AI can contribute to creating extra resilient safety groups, particularly whereas financial challenges persist.”
Already, 45% of respondents’ groups are utilizing AI in cybersecurity instruments. ISC2 discovered the highest 5 use circumstances to be:
-
Augmenting frequent operational duties (56%)
-
Rushing up report writing and incident reporting (49%)
-
Simplifying menace intelligence (47%)
-
Accelerating menace searching (43%)
-
Enhancing coverage simulations (41%)
That stated, the dearth of a transparent GenAI technique was cited as one of many high limitations to its organizational adoption by practically half (45%) of all contributors. And simply how AI will have an effect on the sorts of experience a future cyber workforce will want stays unclear.
In accordance with the report, “AI is a sport changer for 2 important causes. First, consultants predict AI will have the ability to change a few of the technical expertise wanted in cybersecurity. Second, and arguably extra necessary, nobody is definite how AI will manifest in cybersecurity since they at present can not predict what expertise, if any, it can change. On account of this uncertainty, hiring managers aren’t speeding to rent extra specialised employees. As a substitute, they’re prioritizing nontechnical expertise, like problem-solving, that will likely be transferable by the elevated use of AI.”