The global cybersecurity workforce is currently estimated at 5.5 million, an 8.7% increase from 2022, and the highest on record, according to the ISC2 Cybersecurity Workforce Study.

Conversely, the global workforce gap continues to grow even faster than the 8.7% workforce increase. The gap was up by 12.6% from 2022, which means that, in 2023, there are roughly 4 million cybersecurity professionals needed worldwide. The profession needs to almost double to be at full capacity, the study found.

The study surveyed 14,865 international practitioners and decision-makers. These cybersecurity professionals span the globe from North America to Asia, Latin America, Europe, the Middle East and Africa.

The greatest rise in the workforce gap was seen in Asia-Pacific (especially Japan and India) and North America. Areas with particularly rapid growth in supply like the Middle East and Latin America are starting to finally see demand catch up such that the workforce gap actually shrank this year.

Key findings from the report showed that despite year-on-year growth in global cybersecurity, 7% of cybersecurity professionals have dealt with cutbacks to their teams in the form of layoffs, budget cuts and hiring or promotion freezes. At the same time, 22% have experienced layoffs and 31% expect additional cutbacks in the next year.

Meanwhile, 67% of respondents reported that their organisation has a shortage of cybersecurity staff needed to prevent and troubleshoot security issues. Most (92%) report having skills gaps in their organisation, the most common being cloud computing security, AI/ML (Machine Learning) and Zero Trust implementation (a modern security strategy based on the principle never trust, always verify). The majority (67%) of those whose organisations had both shortages in total staff and skills gaps say that skills gaps are often worse.

The study also found that ongoing education and training help shrink talent gaps. More than half, or 58%, of cybersecurity professionals said that the negative impact of worker shortages can be mitigated by filling key skills gaps. The study found that those who continue their training, education and certification reimbursement programs were far better prepared to weather times of economic uncertainty. Organisations with layoffs who kept these programs, were less likely to experience significant organisational skills gaps in cybersecurity.

According to the report, 75% of cybersecurity professionals view the current threat landscape as the most challenging it has been in the past five years, and 52% believe that their organisation has the tools and people needed to respond to cyber incidents over the next two to three years. Those with shortages and skills gaps are far more worried about being able to keep their organizations secure.

ISC2’s study also showed that 71% of respondents agree that periods of economic uncertainty increase the risk of malicious insiders. The report found that 39% of cybersecurity professionals have been approached or know someone who has been approached by a malicious actor. Those at companies that have had layoffs in cybersecurity are three times more likely to have been approached to act as a malicious insider.

When it comes to job satisfaction, 70% of cybersecurity professionals say they are satisfied with their jobs today, which represents a 4% drop from last year. This seems to be due in large part to cutbacks and layoffs, which the study shows significantly impact job satisfaction through overwork and loss of employee trust.

In terms of qualifications sought out by cybersecurity professionals, the study found they favour senior-level experience over doctorate degrees (86% vs. 14%) and entry-level cybersecurity experience over cybersecurity bachelor’s degrees (70% vs. 30%).