More than 260,000 cybersecurity professionals have joined the U.S. industry since 2020, according to new findings from the 2021 (ISC)² Cybersecurity Workforce Study from (ISC)², a nonprofit association of certified cybersecurity professionals. The study has tracked the global Cybersecurity Workforce Estimate and Cybersecurity Workforce Gap annually since 2019. 

(ISC)² collected data from 4,753 cybersecurity and IT/ICT professionals, all of whom dedicate at least 25% of their time to cybersecurity tasks, working with small, medium and large organizations throughout North America, Europe, Latin America and the Asia-Pacific region to accurately assess the size of the current cybersecurity workforce and the challenges it faces amid an evolving threat landscape.

The study reveals a decrease in the global workforce shortage for the second consecutive year from 3.12 million down to 2.72 million cybersecurity professionals. One significant contributing factor to this year’s workforce gap estimate is that 700,000 new entrants joined the field globally since 2020, contributing to a sharp increase in the available supply, now up to 4.19 million people. 

Even with 700,000 new entrants, demand continues to outpace the supply of talent. The global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.

How Organizations Overcome Their Gap

This year’s research provides fresh perspectives into how organizations are overcoming their own workforce gaps. Study participants shared their organizations’ planned talent and technology investments, including:

• More training (36%); providing more flexible working conditions (33%); and investing in diversity, equity and inclusion (DEI) initiatives (29%)
• Using cloud service providers (38%); deploying intelligence and automation for manual tasks (37%); and involving cybersecurity staff earlier in third-party relationships (32%)

The study uncovered the avoidable consequences that occur when cybersecurity staff are stretched too thin. Participants said they experienced misconfigured systems (32%); not enough time for proper risk assessment and management (30%); slowly patched critical systems (29%); and rushed deployments (27%).

Participants also offered opinions on what specialized skills and roles their teams lack, aligned with the roles outlined in the U.S. government’s National Initiative for Cybersecurity Education (NICE) Framework. They cited categories such as Securely Provision (48%); Analyze (47%); and Protect and Defend (47%) as the top areas of need, but the data also shows a strong need for help across all roles.

Lasting Pandemic Impact

The percentage of cybersecurity professionals working remotely in some capacity due to the pandemic remains unchanged at 85%; however, 37% report they must now come to the office at times compared to 31% in 2020. In addition to the advantages of remote work as a public health measure, organizations cited improved workplace flexibility (53%); accelerated innovation and digital transformation efforts (37%); and stronger collaboration (34%) as some of the ways the pandemic has changed their organizations for the better.

Security challenges arising from remote workforces included rapid deployment of new collaboration tools (31%); lack of security awareness among remote workers (30%); and rising concern for the physical security of distributed assets (29%).

Find more results from the (ICS)² study here.