The final version of the 2024 annual ISC2 Cybersecurity Workforce Study is expected to be published in October, but preliminary results highlight a serious cybersecurity workforce shortage, highlighting the growing challenges facing organizations worldwide. . The survey is based on the responses of 15,852 professionals and decision-makers from different regions of the world and highlights the criticality of developing the cybersecurity workforce, as well as the need to create opportunities for new entrants in the industry .
Early data shows that the active cybersecurity workforce will remain stable at 5.5 million professionals worldwide, a marginal increase of just 0.1% by 2023. Despite the growing demand for cyber threat protection, the growth of human resources is essentially stopped. This stagnation is attributed to many factors, such as economic pressures, geopolitical tensions, but also the increasing automation of security operations, which often reduces the need for human intervention in some areas.
In particular, while the cyber security sector has not experienced massive job losses like other sectors such as manufacturing and hospitality, new hires have slowed down significantly. According to survey data, cybersecurity jobs decreased in the United States by 5.4%, while the same trend is recorded in other countries, such as Singapore (-4.9%) and France (-4.5%). Countries such as the United Kingdom and​​​​​​​​Germany have seen almost zero growth, with a few exceptions such as Spain and Mexico seeing small increases in hiring.
The lack of staff, however, is more concerning. The cybersecurity workforce gap increased by 19% worldwide to 4.8 million positions. This gap, which reflects the difference between the number of professionals needed by the organization and those available for hire, reveals a serious need to respond to demand. To fully meet this demand, the global cybersecurity workforce will need to grow to approximately 10.2 million professionals, nearly double the number of workers today.
Some countries are experiencing a dramatic increase in labor shortages. Australia and South Korea recorded the largest increases, with rates of 71.3% and 77.9% respectively, thus highlighting the need for greater investment in the development of new skills. At the same time, a significant increase is observed in countries such as Saudi Arabia and South Africa, while Canada and Mexico note small reductions in the workforce deficit.
Skill shortages in critical technology areas exacerbate the problem. 90% of organizations surveyed report deficiencies in their cybersecurity teams, which threatens their effective operations. Although industry professionals place special emphasis on skills such as artificial intelligence, cloud computing and the implementation of a zero-trust model, recruiters do not value these skills with the same weight . In particular, while professionals see AI as one of the most important skills for the future, hiring managers place little on their priorities.
The mismatch between the needs of professionals and organizations creates additional barriers to filling vacancies, with 58% of respondents saying that understaffing puts their organizations at serious risk. The economic impact of cyber-attacks is huge. The average cost of a data breach incident in 2024 is $4.88 million, while the cost of a malicious incident caused by an insider is $4.99 million. In addition, the average cost to manage the consequences of a cyber attack, such as remediation, is approximately $830,000.
Organizations that lack sufficient human resources and appropriate skills remain exposed to increased risk, both in terms of security and financial viability. About 67% of organizations surveyed said the shortage of cybersecurity professionals remains stable compared to last year, while 31% say they have no new entrants to their teams.
Some sectors are more affected by skills and staff shortages. For example, education, manufacturing and healthcare record the highest vacancy rates, with 96% of organizations in the education sector reporting severe shortages. In addition, the utility and power generation industry faces the greatest shortage of OT (Operational Technology) management skills, increasing the risks to critical infrastructure.
Despite the difficulties, some geographies are showing growth in cybersecurity strength. The Middle East and Africa saw the largest increase, with the labor force growing by 7.4% in 2024. In contrast, the two largest regions in terms of active labor force, the Americas North and Europe saw a decrease of 2.7% and 0.7% respectively. . Particularly affected were countries such as the United Kingdom and ​​Germany, where the workforce was significantly reduced.
The research highlights the urgent need for employers to take action to reduce the skills gap and strengthen their cyber security teams. Three main areas of action are proposed. First, organizations need to create new jobs that cover a wide range of experience, incorporating new and seasoned professionals, to ensure that there is a constant flow of new talent in the industry. Second, the recruitment strategy must include the development of skills in the workplace, emphasizing education and continuous training to meet the new challenges that arise. Third, employers need to review their expectations of candidates, balancing their needs with the current skills available in the labor market.