Though 90% of organizations have unfilled positions or underskilled staff on their cybersecurity groups, hiring for these jobs has, for the primary time in six years, floor to a halt.
That is in keeping with the 2024 ISC2 Cybersecurity Workforce Research, which discovered that the worldwide workforce has held regular at 5.5 million folks year-over-year, recording only a negligible 0.1% improve from 2023 (although some pockets of elevated cyber hiring stay).
To place that in perspective, final 12 months, the cybersecurity workforce grew 8.7% year-on-year, regardless of declining funding in know-how and cyber platforms.
The primary driver for 2024’s job market inertia is simple: an absence of price range for including head rely and upskilling. A full 67% of respondents to the ICS2 survey cited price range as their prime trigger for staffing shortages, changing final 12 months’s No. 1 cited motive for empty positions, which was a lack of certified expertise.
Though 74% of respondents stated the risk panorama is essentially the most difficult they’ve skilled prior to now 5 years, “professionals are feeling the impact of declining investments in the cybersecurity workforce, including budget cutbacks and layoffs, [which affects] workforce satisfaction, the development of organizational security, the adoption of latest applied sciences, and extra,” in keeping with the report.
Supply: 2024 ISC2 Cybersecurity Workforce Research
Certainly, ISC2 discovered that cybersecurity job satisfaction has fallen from 74% in 2022 to 66% in 2024. Moreover, respondents stated that employee shortages had been their greatest problem over the previous 12 months, however there is not any finish in near-term sight. In addition they predicted that shortages will proceed to be a big problem over the subsequent two years.
“As financial situations continue to impact workforce investment, this year’s Cybersecurity Workforce Study underscores that many organizations are putting their cyber teams under significant strain, risking burnout and attrition as job satisfaction rates fall,” said ISC2 acting CEO and CFO Debra Taylor, in a statement.
In the meantime, greater than half of these surveyed (58%) imagine a scarcity of abilities puts their organization at significant risk; 59% of respondents agree that skills gaps have already substantially affected their ability to secure their organizations. The statistics bear this out: ISC2 found that organizations with critical or significant skills gaps are almost twice as likely to experience a material breach compared with organizations that reported no skills gaps.
The good news is that out of those already in cyber-related jobs, three-quarters (73%) said they’re focused on building their cybersecurity skill set, with 48% interested in learning more AI-related skills (more than one-third of respondents cited AI as the most important abilities shortfall on their groups).
About half (52%) stated they’re targeted on hanging on to their positions by changing into a extra strategic contributor to their organizations.
AI to the Cyber Job Rescue?
If there’s a silver lining to the perceived staffing shortage, respondents believe it will come from the year’s hottest buzz class: generative synthetic intelligence (GenAI).
ISC2 respondents said that AI and automation will have the most significant impact on their ability to secure their organizations. A full 68% agree that within the next two years, they will be able to use GenAI effectively as part of their roles. And a large majority (80%) said their cybersecurity skill set will be more important in an AI-driven world.
“AI is seen by professionals as an answer to strengthen their organizations’ safety and create new efficiencies for his or her groups,” Taylor said. “In addition they view successfully managing threat related to AI adoption and its strategic significance to their group’s future success as profession development alternatives for themselves and their friends. Organizations and cybersecurity leaders should acknowledge how AI can contribute to creating extra resilient safety groups, particularly whereas financial challenges persist.”
Already, 45% of respondents’ groups are utilizing AI in cybersecurity instruments. ISC2 discovered the highest 5 use circumstances to be:
-
Augmenting common operational tasks (56%)
-
Speeding up report writing and incident reporting (49%)
-
Simplifying risk intelligence (47%)
-
Accelerating risk searching (43%)
-
Bettering coverage simulations (41%)
That said, the lack of a clear GenAI strategy was cited as one of the top barriers to its organizational adoption by nearly half (45%) of all participants. And just how AI will affect the kinds of expertise a future cyber workforce will need remains unclear.
In response to the report, “AI is a recreation changer for 2 essential causes. First, consultants predict AI will have the ability to substitute a number of the technical abilities wanted in cybersecurity. Second, and arguably extra vital, nobody is definite how AI will manifest in cybersecurity since they at present can not predict what abilities, if any, it should substitute. Because of this uncertainty, hiring managers aren’t speeding to rent extra specialised staff. As an alternative, they’re prioritizing nontechnical abilities, like problem-solving, that might be transferable by the elevated use of AI.”