Cyber skills gap reaches 4 million just as security teams see layoffs

The global cybersecurity workforce gap has reached four million people, a 12.6% increase compared to 2022, according to the ISC2 2023 Cybersecurity Workforce Study. 

More than nine in 10 (92%) of professionals surveyed revealed they had skills gaps in their organization, with 67% reporting having a shortage of cybersecurity staff needed to prevent and troubleshoot security issues. 

This shortfall comes despite an 8.7% increase in the global cybersecurity workforce compared with 2022, reaching 5.5 million professionals. 

The cyber skills gap has been exacerbated by significant cutbacks to cybersecurity operations amid the turbulent global economic environment. 

Nearly half (47%) of respondents said they had experienced cyber-related cutbacks in the past year, including layoffs, budget cuts and hiring or promotion freezes. Of this group, 22% were impacted by layoffs, both first- and second-hand, within cybersecurity.  

An additional 28% of cyber professionals reported layoffs elsewhere in their organizations, which has had a significant impact on security teams. 

More than a third (35%) of respondents in organizations that had implemented cutbacks have seen company-wide cybersecurity training programs eliminated. Close to three-quarters (71%) of this group reported a negative impact on their workload as a result of organizational cutbacks, while 57% felt their threat response was inhibited. 

Overall job satisfaction remained high however, with 70% reporting being somewhat or very satisfied in their jobs today. This represents a slight fall from 74% in 2022. 

Over half (52%) of respondents reported an increase in insider risk-related incidents, and half had either personal or second-hand contact with a malicious insider in the past year. 

Of those who have had this kind of contact, 39% said they or someone they know has been approached to become a malicious insider at their organization, Meanwhile, 33% have been targeted at home or at work because of their professional role. 

This rise in insider threats is linked to the economic environment, with 71% of respondents agreeing that times of economic uncertainty increases the risk of malicious insiders. 

Respondents at organizations that have had layoffs in cybersecurity are three-times more likely to have been approached as malicious insiders. 

Another concerning finding from this year’s Workforce Study was that 47% of respondents admitted they have no or minimal knowledge of artificial intelligence (AI), and just 16% said they have significant knowledge in this area. 

AI and machine learning (32%) was behind only cloud security (35%) for the area which had the most gaps in knowledge in security teams. In third was zero trust implementation (29%). 

Risks associated with AI and emerging technologies was cited as the biggest challenge facing cybersecurity professionals over the next two years (45%), followed by worker/skill shortages (43%) and keeping up with changing regulatory requirements (38%). 

Encouragingly, 52% of cyber professionals said their organizations are governing the use of AI internally, expanding their management of AI or planning to formally manage AI use within the next 12 months. 

Participants also listed advancements in AI as the third most positive impact on their ability to secure their organization, behind zero trust (34%) and automation (40%).