The cybersecurity field is lacking hundreds of thousands of workers - and this new research shows us why

News
By published

Do people just not want to work, or are companies too picky with their requirements?

Small Business office
(Image credit: Getty Images)

New research from ISACA shows that businesses are facing increased risk from the cyber skills gap.

The report comes in light of the fact that Europe is currently facing a shortage of between 260,000 to 500,000 skilled cybersecurity workers, and with cyberattacks fast becoming a daily occurrence for businesses, the report shows that over three-quarters (78%) of security leaders believe most organizations are under-reporting the attacks they experience.

 With over half (52%) of organizations experiencing more cyberattacks than last year, it has never been more important to have a robust cyber defense. However, 62% of leaders in the cybersecurity field say that their teams are understaffed, and only an astounding 41% have a high level of confidence in their teams ability to handle cyber threats.

Article continues below

Retention, training, and upskilling

These statistics signal just how dire the cyber skill landscape is - but things are starting to improve. Compared to 2022, staffing within the cybersecurity field has marginally increased, up from 34% of respondents describing their team as ‘appropriately staffed’, to 36% in 2023.

Around a third of respondents (34%) said most of the vacant positions within their cybersecurity team were at the lowest level, individual contributors/technical cybersecurity. Contrast this with the type of positions that are unfilled - 50% non-entry-level compared to 21% entry-level - and it's understandable how this crisis has come to be.

Entering the field of cybersecurity requires not only experience, but also qualifications, which companies are hesitant to invest in due to the current crisis in retention. However, if you are looking to work in this field, there are some key skills that are sure to get you hired, with identity and access management (IAM); cloud computing; data protection; incident response; and DevSecOps all named as vital.

There are also key soft skills that are highly desirable within the industry as a whole, such as; communication; critical thinking; problem-solving; teamwork; and attention to detail. 

“If businesses are to maintain their cyber resilience in an ever-evolving threat climate, we must encourage and nurture talent in the cybersecurity industry.” said Chris Cooper, member of ISACA’s Emerging Trends Working Group, “Employers are looking for people who already have hands-on experience, but we will only enable people to build that experience by creating more entry-level roles and investing in the right training and development for everyone in the industry, from the ground up.” 

More from TechRadar Pro

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.