printer friendly version

Workforce shortage impacts 85% of organisations

Trellix conducted new research into the talent shortage afflicting the cybersecurity industry. Among the key findings, 85% of those surveyed believe the workforce shortage is impacting their organisations’ abilities to secure increasingly complex information systems and networks, while almost a third (30%) of the current workforce plans to change professions in the future.

“Our industry is already 2.72 million people short ^[1]. Cultivating and nurturing a cybersecurity workforce for our future requires expanding who we view as talent and changing our practices across the public and private sectors,” said Bryan Palma, CEO of Trellix. “Closing the cybersecurity talent gap is not only a business imperative, but important to national security and our daily lives. We need to remove barriers to entry, actively work to inspire people to do soulful work and ensure those in the field are retained.”

The findings are based on a Vanson Bourne survey, commissioned by Trellix, of 1000 cybersecurity professionals across a variety of sectors, in several countries around the world, including Brazil and India,.

“The research addresses global issues that affect businesses and governments everywhere in the world, with South Africa’s public and private sector organisations being increasingly vulnerable to cyberattacks due to a distressing lack of skills and emigration rate,” says Carlo Bolzonello, country lead for Trellix in South Africa. “The industry offers great opportunities for people with varied backgrounds – analytical and inquisitive people learn the ropes quickly, and build successful careers quickly.

“The research highlights the major issues that have led to the skills gap that impacts the sector so much,” Bolzonello adds.

More education is needed

As threats from nation-state actors and cybercriminals grow in volume and sophistication, the worldwide shortage of cybersecurity professionals grows as well. While some countries like Russia and China invest deeply in nurturing cybersecurity talent through state-funded education, many nations are without dedicated programmes. Trellix sought to understand education levels and attitudes of professionals and found over half (56%) believe that degrees aren’t needed for a successful career in cybersecurity. The survey also found:

• Support for development of skills (85%) and with certifications (80%) were selected as highly or extremely important factors for the industry to address in order to expand the workforce.

• Efforts to promote cybersecurity careers (43%), encouraging students to pursue STEM-related careers (41%), and further funding support (39%) were most likely to be ranked within the top three areas that would attract people to work in the cybersecurity industry.

• 94% state that their employers could be doing more to encourage community mentoring programmes with a presence in K-12 schools.

Diversity drives better outcomes

When it comes to encouraging more people to consider a career in cybersecurity, respondents reported inclusivity and equality for women (79%), diversity of the cybersecurity workforce (77%) and pay gaps between different demographic groups (72%) as highly or extremely important factors for the industry to address. Of the cybersecurity professionals surveyed, 78% are male, 64% white and a large majority of respondents (91%) believe there needs to be wider efforts to grow the cybersecurity talent pool from diverse groups. Additional findings include:

• Most respondents (92%) believe greater mentorship, internships and apprenticeships would support participation of workers from diverse backgrounds into cybersecurity roles.

• 85% note a lack of understanding of the varied opportunities available in cybersecurity limits the number of those working within a cybersecurity profession today.

• Those surveyed believe their employers could be doing more to consider employees from non-traditional cybersecurity backgrounds (94%) and 45% report having previously worked in other careers.

Cybersecurity is soulful work

The survey found the vast majority (94%) believe the role of those working in cybersecurity is greater now than ever before and a similar number (92%) report cybersecurity as purposeful, soulful work that motivates them. However, cybersecurity professionals are hungry for recognition, with 36% noting they feel a lack of acknowledgement for the good done for society and of those looking to leave the field, 12% say it is due to lack of feeling appreciated. The survey discovered:

• More than half (52%) report working within cybersecurity because it’s progressive and evolving and because they enjoy exploring challenging new trends.

• 41% report cybersecurity is continuously growing in relevancy and roles will always be accessible as a reason for staying in the profession.

• Around one in five (19%) also note they value doing something to help society for the greater good.

Trellix recently released its In the Crosshairs: Organizations and Nation-State Cyber Threats report which found organisations report limited cybersecurity skills and a need for support to recruit and train additional staff as barriers to protect themselves against nation-state cyber threats. Trellix also recently published Path to Cyber Readiness – Preparation, Perception and Partnership, which notes in-house cyber skills issues were reported by 49% of U.S. government agencies.

^[1.] (ISC)² Cybersecurity Workforce Study, 2021

Share this article:

Further reading: