IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Global Study Finds Organizations Facing Cybersecurity Gaps

Specifically, organizations worldwide are dealing with gaps in cybersecurity skills and staffing gaps, fueled in part by limited hiring budgets. A new study, however, offers potential solutions.

Cybersecurity workforce concept showing a white lock symbol in the foreground and silhouettes of business people in the background.
Shutterstock/Rawpixel.com
Organizations worldwide are struggling to meet cybersecurity staffing needs, and most are worried about skill gaps, according to afirst look at new research from ISC2, a cybersecurity member organization.

These findings come at a time when nearly two-thirds of study respondents say the current cyber threat landscape is the most challenging they have seen in the last five years. ISC2 tracks the global cyber workforce gap, which means the separation between the number of cybersecurity professionals organizations need and the number of professionals available to be hired. This year, the cyber workforce gap was 4.8 million. That’s a 19 percent year-over-year increase — outstripping the 12.6 percent increase in 2023.

Meanwhile, the number of cybersecurity professionals currently employed worldwide stayed essentially flat, rising just 0.1 percent year-over-year. That contrasts with 2023, when the workforce grew 8.7 percent.

Workforce gaps are less dramatic in the U.S., where the gap rose 4.4 percent year-over-year, compared to 17.6 percent in 2023. And in contrast to global trends, the size of the U.S. active cyber workforce actually shrunk, declining by 3 percent. Additionally, the number of new U.S. cybersecurity job postings listed on LinkedIn dropped 5.4 percent.

Worldwide, financial strain became a bigger barrier to meeting cybersecurity needs. The study found that 39 percent of global respondents listed budget as a reason for their staff shortages. This marked the first time ISC2 respondents said insufficient budget was the top driver for understaffing since the study began capturing such information in 2018; in all the prior study years, the top reason was “lack of qualified talent.”

What cyber staff organizations did have on hand often could not provide all the skills organizations wanted, study respondents said. Among global respondents, 90 percent reported skill shortages. And 64 percent said skills gaps are a bigger issue than staffing gaps.

Critical infrastructure and government respondents were slightly more likely than average to report skill gaps, with 91 percent of critical infrastructure citing this issue and 92 percent of government respondents doing the same. Governments were especially likely to have gaps in zero-trust implementation skills.

Some organizations may need to change strategies to address these gaps. The study found some mismatches between skills applicants think are in demand versus the skills sought by hiring managers. For example, 23 percent of applicants captured in the study believe AI and machine learning (ML) skills are in demand, but only 12 percent of hiring managers said they look for such skills. Meanwhile, 34 percent of organizations highlighted AI/ML as a skill gap on their security teams.

The study also found a notable proportion of organizations’ cyber teams had no pipelines for onboarding early-stage professionals and growing their talent. Thirty-one percent of global respondents lacked entry-level professionals and 15 percent lacked junior professionals with 1-3 years of experience. Study authors advised that organizations are likely to find it more difficult and expensive if they only try to hire to fill mid- and high- level roles, rather than also onboarding and training up people earlier in their careers. The latter approach may also be more sustainable.

Starting to offer such career paths requires first determining which skills are must-haves for new hires, and which can be taught on the job. That kind of effort should go hand in hand with revising open job descriptions, to clarify what’s expected from applicants — helping resolve the confusion between the skills applicants believe are in demand and those the hiring managers are looking for, study authors suggested.

The full study is slated for release in October.
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.