More than half of cyber security leaders globally (61%) are struggling to attract the right talent, which is due to the shortage of available skilled workers in today’s talent pool, according to the 2024 Global Cyber Security Report by Hays.

“Last year’s report uncovered that over half of respondents were struggling to attract the right talent. Twelve months on, the landscape hasn’t shifted: 61% of respondents do not rate their ability to attract cyber talent highly,” the report stated.

The study also showed that 61% of those who stated they are struggling to attract and retain talent, said that a lack of skilled candidates is a major factor.

As demand continues to outstrip supply, cyber security professionals can command salaries which many employers cannot meet. In 2023 almost half of employers (44%) froze salaries for existing or new members of their security workforce, while just 17% of respondents were able to offer a pay rise above 10%.

In response to these challenges, employers are looking beyond salary increases to attract cyber talent. Remote and hybrid working opportunities, as well as greater flexibility, are becoming increasingly important.

Hays also found that organisations are failing to invest in necessary training and development programmes as the data showed that 73% of organisations invest 5% or less of their cyber security budget into talent development.

Meanwhile, over half of respondents reported their cyber security teams grew in 2023, however, investment in headcount remains to be a main area of concern for cyber security leaders. The majority of cyber security leaders said they are more concerned about their budgets than 12 months ago, 72% in 2024, up from 68% last year. This is despite 54% of this year’s respondents expecting an increase in their spending allocation, which is up from 46% in 2023.

The report findings highlight that many cyber security leaders see AI as a risk, as well as a potential solution. Most (89%) are concerned about the potential risks of AI threats. This compares with 89% who believe that AI will prove useful in improving security capabilities.

Organisations are split on whether AI can effectively replace cyber security talent, as 44% don’t believe AI will impact headcount. While over half of respondents (57%) stated they will have trained their cyber security workforce to use AI tools within the next year. 

James Milligan, Global Head of Technology Solutions at Hays, said, “In order [to] tackle cybercrime, organisations need to make the most of technology and attract and retain talent with the right skills. There are an estimated 3.5 million cyber security vacancies worldwide, however, there is an insufficient number of experienced workers, and cyber security professionals are struggling to keep their skills up to date.”

Milligan continued, “The report highlights that while there are plenty of consumers of talent, there are not enough creators. A pipeline of cyber security talent needs to be developed to solve tomorrow’s challenges. Organisations need to develop training strategies to ensure sustainable success and consider non-traditional cyber talent, such as individuals without formal education or experience. Employers also cited training opportunities as one of the best measures to attract talent and retain staff, alongside offering flexibility and remote working opportunities. These need to be taken into consideration when devising attraction and retention strategies.”

The report was completed in late 2023 and features the insights of over 1,000 cyber security leaders, from across 47 countries.