The global demand for cybersecurity workers is outpacing the supply [4], according to a new study by the nonprofit ISC2. This study analyzed data from nearly 15,000 cybersecurity practitioners and found that cutbacks [4], such as budget cuts [4], layoffs [2] [3] [4] [5] [6], and hiring freezes [4] [6], have affected almost half of them. Despite a 8.7% increase in the global cybersecurity workforce to 5.5 million jobs compared to 2022, there is still a significant workforce gap that needs to be addressed.


The study reveals that the workforce gap has grown by 12.6% during the same period, now requiring an additional four million workers to close it. More than half of the surveyed professionals reported a shortage of staff in their organizations [4], and over 90% said they have a skills gap [4]. The study also highlights the challenges faced by security professionals in dealing with a changing threat and technology landscape [2]. Three quarters of professionals consider the current threat landscape as the most challenging in the last five years [2].

The study identifies cloud computing security, artificial intelligence/machine learning [6], and zero trust implementation as areas with significant skills gaps. In fact, 67% of professionals are experiencing a shortage of cybersecurity staff. The lack of skills is impacting the use of AI and machine learning [5]. Economic uncertainty and fragmented regulations are also identified as challenges in the cybersecurity field. The rise in insider threats is a growing concern [3], with 52% of respondents reporting an increase in insider risk-related incidents [3]. Additionally, 47% of respondents admitted to having no or minimal knowledge of artificial intelligence (AI) in cybersecurity [3]. This lack of knowledge about AI is seen as a significant issue, considering that AI is foreseen as the top challenge in the next two years [6]. However, it is worth noting that 52% of cyber professionals stated that their organizations are governing the use of AI internally.

The study emphasizes the need to double the cybersecurity workforce and calls for organizations to invest in their teams and bridge the workforce gap through training [6], flexible work conditions [6], diversity [5] [6], equity [6], and inclusion programs [5] [6]. Non-technical skills such as problem-solving [6], curiosity [6], eagerness to learn [6], and effective communication are also highlighted as important attributes for cybersecurity professionals [6].


The global cyber workforce has grown to 5.5 million [1] [5], an increase of 8.7% from 2022 [5]. However, the study also reveals that the workforce gap has reached a record high of 14 million [5], highlighting the need for a doubling of the workforce to adequately protect organizations and their assets [5]. Layoffs in the cybersecurity field are exacerbating the skills deficit [5], with impacted organizations experiencing a higher skills gap compared to those that haven’t had layoffs [5]. Economic uncertainty has also led to cutbacks [5], negatively impacting threat response efficacy [5]. However, organizations are taking action to address the situation by investing in staff training [5], increasing funding for diversity and inclusion programs [5], and ramping up hiring [5]. The study also highlights the need for improvement in diversity and inclusion in cybersecurity [5], as women currently represent only 26% of professionals under the age of 30 [5]. Implementing skills-based hiring has shown positive results in increasing gender diversity [5].