A first look at data from the 2024 ISC2 Cybersecurity Workforce Study has revealed a marked need for organizations to increase opportunities for cybersecurity workforce growth, enable more entry-level professionals to enter the field, and develop much-needed skills with support from experienced peers.
According to new research, the growth of the global cybersecurity workforce has slowed for the first time in six years, while cyber threats show no signs of slowing.
Key Figures from This Year’s Study
- Size of the Active Cybersecurity Workforce: 5.5 million Globally (up 0.1% YoY)
- Size of the Workforce Gap: 4.8 million Globally (up 19% YoY)
- Total Workforce Needed to Satisfy Demand: 10.2 million Globally (up 8.1% YoY)
Once again, this makes 2024 the first year in which the cyber workforce has slowed in the six years since ISC2 began estimating the workforce size in 2018.
Additional data from LinkedIn supports this, showing that the number of new cybersecurity job postings year-on-year in the U.S. has declined by 5.4%, Singapore by 4.9%, France by 4.5%, Canada by 3.5% and Brazil by 2.5%. Job postings in the UK are flat, with Germany and Australia reporting just 1% increases in job postings. The standout countries for job posting growth were Spain and Mexico, up 5.5% and 6.8%, showing a concerted effort to address lower actual job growth and, in the case of Mexico, a declining workforce size.
Furthermore, the LinkedIn analysis of the cybersecurity jobs market shows that alongside the overall lack of growth, job posting market share has seen a pronounced uplift in Latin American countries in the last three years (Brazil 11.2% growth in overall share of new jobs posted, Mexico 3%) alongside Germany (11%) and Poland (6.2%). Meanwhile, the U.K.’s share of job postings was flat while the U.S., India, Canada, Netherlands, Spain, Singapore, France, and Italy have all seen their share of the total number of jobs posted fall over the last three years. In the case of Italy, by 10%, the largest negative shift in the LinkedIn data.
The drop-off in job postings is supported by data from the ISC2 study, which shows that cybersecurity teams over the past year have seen evidence of hiring and advancement opportunities reducing. At a time when organizations can least afford the cost, disruption, and reputational damage of a cybersecurity incident, the profession is under its greatest pressure to maintain safety and security with fewer resources:
ISC2 noted that for the first time, respondents cited a ‘lack of budget’ as the primary factor driving their staff shortages, overtaking the ‘lack of qualified talent’, which participants have pointed to in previous years.
For example, 37% of respondents reported they had their budgets cut in the last year, up 7% year on year.
Budget pressures also came in the form of layoffs to security teams, which affected a quarter of the participants in the survey. A further 38% of cyber professionals said they had experienced hiring freezes at their organization, which represents a 6% increase from 2023.
Similarly, almost one third (32%) of participants reported seeing fewer promotions at their company during this period.
The slowdown comes at a time cyber attacks are coming thick and fast, with 74% of cyber practitioners and IT decision-makers stating that the 2024 threat landscape was the most challenging it has been in the last five years.
UK sees largest decline in cyber workers around the world
Notably, a number of nations saw their cyber workforce shrink throughout 2024, according to ISC2 estimates, including Canada, Germany, Mexico, the UK, and the US.
The number of UK cyber professionals dropped from 367,300 to 349,360 over the year, falling by almost 5%, the largest contraction around the world.
Moving to the US, American cyber workers numbered 1,338,507 in 2023 and shrunk by 3% to 1,298,804 in 2024, but despite the decrease, the region still held the largest active cyber workforce in the world.
Cyber teams have no young talent coming through the door
The workforce deficit was not the only gap on the front of security practitioner’s minds, ISC2 noted, adding that skills shortages continue to plague organizations around the world.
More than half (58%) of the participants indicated that they faced skills shortages at their organization, while 64% said skills gaps present a greater challenge to securing businesses than staffing shortages.
Respondents cited AI (34%), cloud security (27%), zero trust implementation (27%), and application security (24%) as the top areas where skills gaps are being felt the hardest.
The result is that security teams are experiencing a dearth of new talent coming through the door. Nearly one-third of participants added that their security teams had no entry-level professionals on their teams, and 15% said they had no junior-level professionals (those with 1 – 3 years of experience).
In addition, hiring managers, 62% of which reported having open roles in their teams, said they were focusing on hiring mid to advanced-level roles rather than a broad mix of experience and abilities.
ISC2 argued this demonstrates that a large swathe of organizations do not have a steady flow of cyber professionals who can “develop their foundational skillset in-house to bolster existing teams and instead are relying solely on hiring pre qualified talent.”
Source: ISC2