Filling the Cybersecurity Workforce Gap – Insights from the 2017 Global Information Security Workforce Study

Globally, cybersecurity professionals are responding to more powerful and more frequent attacks on their networks. Keeping pace with the expanding threat landscape is a huge challenge, and not everyone feels they have the knowledge or skills to be effective.

Historically, threats were limited by the number of skilled individuals who had the technical ability to design and execute an attack. This is no longer the case: the expertise is now more readily scalable, available and marketed to cybercriminals.

The primary concern across all regions is data exposure, with some variation in different parts of the globe. North America and APAC are most worried about data exfiltration, with LATAM and Europe more preoccupied with ransomware. In the Middle East & Africa, hacking is the primary concern. Common to all is the understanding that a skilled workforce ready to respond is critical, and many do not feel they have the staff necessary to address threats.

The much-reported shortage of information security workers is widening, and as more industry sectors recognise the importance of a skilled cyber workforce, this gap is only going to get bigger. In 2015, Frost & Sullivan forecasted a 1.5 million worker shortage by 2020. This figure has been revised to a 1.8 million worker shortage by 2022. More organisations are looking to protect their data and they are increasing their recruitment efforts in an already shrinking pool: 70% of hiring managers will increase their workforce this year, and of those, 30% wish to expand by 20% or more.

Traditional recruitment channels need to be revisited and overhauled if hiring managers are going to be able to meet their recruitment needs. The conventional approach is not effective, and some new thinking is needed:

  • Look beyond IT – cybersecurity professionals may not always have been in IT. By looking beyond traditional technical recruitment channels, hiring managers may be able to find people who have potential but would need to be supported with the relevant training and personal development to address the skills requirement.


  • Clarity in requirements – although hiring managers prioritise communication and analytical skills, workers themselves put a greater emphasis on their technical ability. This disconnect needs to be addressed.


  • Retention – The rate at which workers leave their roles is high, given the demand for their skills and their salary expectations. This can cause employers to question the value of investing in their workers' development if those workers are only going to take their newly honed skills elsewhere. With money NOT being the primary concern for Millennials, employers need to use their hiring and professional development strategies as a key part of their retention efforts.


  • Balance – The information security workforce is dominated by men, with many barriers faced by women in the field. Beyond gender, young workers are also more likely to leave their job. Building higher levels of loyalty with a clearly communicated development strategy is important in retaining these workers.


Underlying many of these approaches is training. Providing people with a development programme that is aligned with their own personal career progression can foster a loyal, committed workforce, focused on enhancing their skills and expanding their knowledge. In a highly competitive recruitment market, and facing ever-greater threats to cybersecurity, employers need to recognise and prioritise the role of training in their cybersecurity strategy.