The global cybersecurity workforce will be short by around 1.8 million people by 2022, according to a new report by Frost & Sullivan, representing a rise of around 20 percent since 2015.
The Global Information Security Workforce Study (GISWS) is carried out every two years by the Center for Cyber Safety and Education and (ISC)², with the 2015 report identifying a workforce shortage of around 1.5 million by 2020.
This latest report reveals the outlook isn’t getting any rosier.
The findings from the updated survey, which taps insights from around 19,000 cybersecurity professionals, are being drip-fed throughout 2017 via a series of dedicated reports. But the inaugural results show that around two-thirds of those surveyed currently don’t have “enough workers to address current threats,” while 70 percent of managers responsible for hiring want to bolster their in-house security teams to some degree this year.
Cybersecurity investment has gone through the roof in recent years — just today, Illumio announced it had raised $125 million to help protect data centers against cyberthreats. And technology companies are getting increasingly creative in their quest to grow the available cybersecurity talent — last year, Facebook revealed it was open-sourcing its Capture the Flag competition platform that teaches developers about cybersecurity. Why? Because of the anticipated demand for cybersecurity professionals in the coming years.
Elsewhere, networking technology giant Cisco has been going all-in to boost its cybersecurity credentials. Last June, it launched a $10 million scholarship to tackle cybersecurity talent shortage. As part of the two-year program, Cisco said it would provide training and mentoring to present successful graduates with a certification that qualifies them for a security operations analyst role.
“Many CEOs across the globe tell us their ability to innovate is hampered by their security concerns in the digital world,” noted Jeanne Beliveau-Dunn, vice president and general manager at Cisco Services, at the time. “This creates a big future demand for skill sets that don’t exist at scale today.”
In addition to scholarships, Cisco has also been acquiring cybersecurity companies, including Sourcefire, which it snapped up for a hefty $2.7 billion; OpenDNS, which it acquired for $635 million; and Lancope, which it brought on board for a cool $453 million.
Other companies are following similar plans. Microsoft, for example, which has been setting out to build the “intelligent cloud platform” since Nadella took over as CEO back in 2014, has been snapping up cybersecurity startups and launching dedicated facilities to help thwart online chicanery.
“There is a definite concern that jobs remain unfilled, ultimately resulting in a lack of resources to face current industry threats — of the information security workers surveyed, 66 percent reported having too few of workers to address current threats,” said (ISC)² CEO David Shearer. “We’re going to have to figure out how we communicate with each other, and the industry will have to learn what to do to attract, enable and retain the cybersecurity talent needed to combat today’s risks.”
One solution to the human cybersecurity shortage is artificial intelligence, another area that is seeing significant investment. Last year, Cylance raised $100 million to help businesses protect themselves from zero-day attacks through automation. Others in the AI cybersecurity space include Fortscale, which uses big data analytics and machine learning to identify malicious user behavior; Jask and Darktrace are doing something similar.
The report also found that 87 percent of cybersecurity workers started their careers doing something different, which is juxtaposed against the 94 percent of hiring managers who indicated they were looking for staff with existing experience in the field. This hints at one possible crux of the recruitment problem: Leadership may not fully understand job requirements, according to the results of the GISWS report.