Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementSecurity & Business ResilienceCybersecurity News

Global News

Addressing the cybersecurity workforce staff shortage

By Maria Henriquez
SEC-1222-News1-Feat-Slide1-1170x658.jpg

sanjeri / E+ via Getty Images

December 14, 2022
✕
Image in modal.

(ISC)² estimates the global cybersecurity workforce in 2022 to be 4.7 million, an 11.1% increase over last year, representing an additional gap of 464,000 more jobs, according to the fifth annual (ISC)² Cybersecurity Workforce Study.

The study surveyed 11,779 international practitioners and decision-makers to gain insights into working in the modern cybersecurity profession. This report highlights hiring and recruiting trends, corporate culture and job satisfaction, career pathways, certifications, professional development, how the workforce is adapting to current events, and what the future of cybersecurity work looks like.

To calculate a global workforce estimate and gap, (ISC)² uses a proprietary methodology that integrates primary and secondary data sources to extrapolate the number of workers responsible for securing their organizations.


*Click the image for greater detail


The organization observed growth in cybersecurity positions across all regions, with Asia-Pacific (APAC) registering the most significant growth (15.6%) and North America the least (6.2%).

While the cybersecurity workforce is multiplying, the number of positions to fill is increasing even faster. (ISC)²’s workforce gap analysis indicated that despite adding over 464,000 workers in the past year, the gap has grown twice as much as the workforce, with a 26.2% year-over-year increase.


*Click the image for greater detail


Approximately 70% of cybersecurity workers feel their organization doesn’t have enough cybersecurity staff to be effective. The shortage is especially severe in the aerospace, government, education, insurance and transportation sectors.


*Click the image for greater detail


A cybersecurity workforce gap threatens the most foundational functions of the profession, such risk assessment, oversight and critical systems patching, according to the study. More than half of employees at organizations with workforce shortages feel that staff deficits put their organization at a “moderate” or “extreme” risk of cyberattacks. In addition, that risk increases substantially when organizations have a significant staffing shortage.

Compared with last year’s report, more cybersecurity professionals indicated that their organization encountered issues, such as a lack of proper time for assessment and oversight of processes, slow patching of critical systems and inadequate time and resources for training due to staffing shortages.


*Click the image for greater detail


Addressing the Cyber Workforce Gap

Why does this workforce gap exist? How can organizations best mitigate it? Some factors are out of an organization’s control — demand for cybersecurity employees is bound to increase as the threat landscape continues to grow, and supply can’t always keep up. The inability to find qualified talent was cited most frequently as a challenge by organizations with cybersecurity staff shortages. While this may be the most common challenge, it is not the most impactful.

To better understand what challenges are linked to the biggest staffing shortages, (ISC)² examined what percentage of employees at organizations with those issues had significant staffing shortages. This analysis suggests that the most negatively impactful issues are ones that organizations can control: not prioritizing cybersecurity and not training staff or offering opportunities for growth or promotion. However, finding qualified talent was the least impactful problem based on this analysis.

While organizations attempt to mitigate staff shortages, it’s not always effective. Although almost all initiatives positively impacted staffing, the study found that organizations with initiatives to train internal talent — rotating job assignments, mentorship programs and encouraging employees outside of cybersecurity to join the field — were least likely to have shortages.

These initiatives are particularly impactful for larger companies — only 49% of companies with 1,000 or more employees who had implemented all three internal training initiatives had staffing shortages compared with 77% of those who had implemented none.


*Click the image for greater detail


However, internal trainings were not the most commonly adopted initiatives. Many of the most effective initiatives had the lowest implementation levels. The initiative with the lowest impact is outsourcing. Respondents at organizations that were outsourcing cybersecurity were slightly more likely to see a shortage in staff.

Automation is becoming more prevalent in cybersecurity as well — 57% have adopted it, and 26% plan to adopt it in the future. While it isn’t likely to replace cybersecurity workers at any time in the foreseeable future, automating consistent and repeatable processes frees workers to focus on higher-level tasks. This may, in turn, reduce staffing shortage issues without requiring additional staff.

The study found that cybersecurity hiring managers with a strong working relationship with their human resources (HR) department were far less likely to have significant staffing shortages at their organizations. However, only 52% of respondents said that hiring managers have a strong working relationship with HR, and 40% of hiring managers said that the HR department at their organization does not add value to the recruiting process.


What the Cyber Workforce Gap Means for Organizations

Combatting staffing shortages is no easy task, but there are three key places where organizations can focus:

  1. Understand what your gap is. Senior-level practitioners in the study were more likely than managers or executives to say their organization had a staffing shortage. This suggests that those making decisions may not always fully appreciate what frontline cybersecurity professionals are experiencing. Decision-makers should make sure they are actively listening to employees to understand if and where there are staffing shortages.
  2. Emphasize internal training. The most impactful organizational initiatives in reducing worker shortages were those that took advantage of internal talent with programs such as rotational job assignments, mentorship and encouraging non-IT employees at the organization to learn about cybersecurity. The challenges that were most associated with high staffing shortages were a lack of emphasis organization-wide on cybersecurity, insufficient staff training and a lack of pathways for growth.
  3. Work with HR, not against them, when hiring for cybersecurity. Hiring is a challenging process. While cybersecurity hiring managers know best what candidates to look for, HR managers are more likely to have the expertise to find and attract those candidates. Therefore, cybersecurity organizations need to build effective working relationships with HR or risk having significant staffing shortages compared with those who have built a strong relationship with HR.

For more information, visit www.isc2.org.


Images courtesy of (ISC)²

KEYWORDS: Chief Information Security Officer (CISO) cyber security incident response information security risk management threat intelligence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cybersecurity staff.jpg

    Addressing the cybersecurity staff shortage

    See More
  • cybersecurity900px

    Addressing the Cybersecurity Skills Shortage Through Upskilling and Retention

    See More
  • IT security cyber

    Mission-critical: Northern Virginia sets out to solve the cybersecurity workforce shortage

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products

Events

View AllSubmit An Event
  • July 17, 2025

    Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

    From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing