The cybersecurity field is lacking hundreds of thousands of workers - and this new research shows us why

Small Business office
(Image credit: Getty Images)

New research from ISACA shows that businesses are facing increased risk from the cyber skills gap.

The report comes in light of the fact that Europe is currently facing a shortage of between 260,000 to 500,000 skilled cybersecurity workers, and with cyberattacks fast becoming a daily occurrence for businesses, the report shows that over three-quarters (78%) of security leaders believe most organizations are under-reporting the attacks they experience.

 With over half (52%) of organizations experiencing more cyberattacks than last year, it has never been more important to have a robust cyber defense. However, 62% of leaders in the cybersecurity field say that their teams are understaffed, and only an astounding 41% have a high level of confidence in their teams ability to handle cyber threats.

Retention, training, and upskilling

These statistics signal just how dire the cyber skill landscape is - but things are starting to improve. Compared to 2022, staffing within the cybersecurity field has marginally increased, up from 34% of respondents describing their team as ‘appropriately staffed’, to 36% in 2023.

Around a third of respondents (34%) said most of the vacant positions within their cybersecurity team were at the lowest level, individual contributors/technical cybersecurity. Contrast this with the type of positions that are unfilled - 50% non-entry-level compared to 21% entry-level - and it's understandable how this crisis has come to be.

Entering the field of cybersecurity requires not only experience, but also qualifications, which companies are hesitant to invest in due to the current crisis in retention. However, if you are looking to work in this field, there are some key skills that are sure to get you hired, with identity and access management (IAM); cloud computing; data protection; incident response; and DevSecOps all named as vital.

There are also key soft skills that are highly desirable within the industry as a whole, such as; communication; critical thinking; problem-solving; teamwork; and attention to detail. 

“If businesses are to maintain their cyber resilience in an ever-evolving threat climate, we must encourage and nurture talent in the cybersecurity industry.” said Chris Cooper, member of ISACA’s Emerging Trends Working Group, “Employers are looking for people who already have hands-on experience, but we will only enable people to build that experience by creating more entry-level roles and investing in the right training and development for everyone in the industry, from the ground up.” 

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focussing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.