Gorodenkoff // Shutterstock
Written by Dom DiFurio
The ninth-most populous city’s government was thrown offline for days. Sensitive information maintained by the U.S. Marshals Service was compromised. A state supreme court’s computer system was hobbled. These are just a few of the cyberattacks on critical U.S. digital infrastructure that have happened since the start of 2023—a continuation of trends that have accelerated in recent years.
The disruptions are becoming an increasingly frequent part of American life, imperiling Americans’ right to privacy and security in their daily lives. In 2022 there were 40% more cyberattacks against companies in all industries compared with 2021, according to the latest annual cyberthreat report from Check Point Research.
And the cybersecurity industry has been shining a bat signal of sorts for years—calling for more attention to be placed on the rising need for professionals to combat those threats.
Consumer-focused cybersecurity nonprofit Comparitech recommends a number of VPN providers, or virtual private network providers, on personal devices to add additional protection against attackers at the network layer. But when it comes to the security of personal information kept by the businesses we patronize and our local governments, the public relies on a specialized workforce of information technology professionals and other experts well-versed in security practices.
And when those businesses deprioritize security personnel, staffers worry it puts consumer info and the businesses themselves at risk. More than half of organizations that report a significant staff shortage say the lack of workers puts their company at moderate risk of a cyberattack.
Drata compiled statistics from ISC2 and other industry sources to illustrate the current state of the IT and cybersecurity workforce, which projections show is struggling to keep pace with the demand for trained professionals in an industry where prevention is golden.
The size of the U.S. cybersecurity workforce has grown 50% since pre-pandemic
The cybersecurity industry spans the private and public sectors and has been growing steadily in the U.S. since ISC2 began tracking workforce data in 2019. The firm’s 2022 data comes from surveys of nearly 12,000 professionals around the globe.
Demand for cybersecurity professionals is growing twice as fast as the workforce
While the U.S. grew cybersecurity jobs by 5.5% in 2022 compared to 2021, the number of jobs needed grew by 9% over the same period.
The most demand right now in the U.S. is for more advanced positions—chief among them cybersecurity engineers, according to job posting data from Lightcast analyzed by CyberSeek. The role typically requires knowledge of a number of security domains, including security engineering, security operations, application security, security compliance, vulnerability management, in addition to technical skills such as advanced experience with Linux, Windows, log query languages, programming languages such as Python, Goland, and basic project management skills.
High demand is a trend seen globally, according to ISC2. Of the 14 countries tracked by the firm, India tops the list of countries seeing their workforce supply and demand gap grow the fastest over the last year, ballooning more than 600%.
Gorodenkoff // Shutterstock
The cybersecurity workforce grew fastest last year in Asian countries
While the rate of workforce growth flattened in Germany after seeing a tremendous rise in 2021, Eastern nations like Japan have outpaced the U.S. in the growth of their cybersecurity workforce.
North American countries experienced the least growth in their cybersecurity workforces last year, according to ISC2 data. North American countries added workers at a rate of 6.2% year over year, compared to countries in Asia and the Pacific region, which collectively added 15.6% more.
Joyseulay // Shutterstock
More than half of organizations around the world are using automation to help bridge the employment gap
New technologies always promise to relieve the pressure for more human labor inside companies. Software automation is one space that’s done just that, according to business leaders who responded to ISC2’s surveys.
Not all solutions to worker shortages are particularly effective, however, ISC2’s findings suggest. Companies that outsourced cybersecurity work were more likely to see a shortage of those workers. Though there are fewer of them, companies that implemented internal training, mentorship, and job rotation programs were least likely to see staffing shortages.
The Great Resignation has hit the cybersecurity industry, too
Organizations participating in the ICS2 surveys say the top reason they’re understaffed is because they can’t find qualified talent. The next most common reasons? High turnover and attrition as well as lack of competitive pay.
As white-collar workers made the transition to working from home in 2020, information security analysts working in digital industries were shouldered with keeping digital assets secure. All the while, those workers themselves are seeking the same things as many Americans have—a workplace that better fits the lifestyle they want.
Turnover reported to ISC2 at North American firms increased from 13% in 2021 to 21% in 2022, showing these professionals are willing to change jobs to get what they want.
Data reporting by Dom DiFurio. Story editing by Jeff Inglis. Copy editing by Tim Bruns. Photo selection by Elizabeth Ciano.
This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.