The cybersecurity industry has an urgent talent shortage. Here’s how to plug the gap

A global shortfall in cybersecurity talent must be tackled rapidly. That’s the view of the World Economic Forum in its Strategic Cybersecurity Talent Framework white paper, which aims to rally millions of industry professionals to help safeguard our digital world.

The global cybersecurity workforce grew by 12.6% between 2022 and 2023 – a significant year-on-year climb for any industry. But the talent gap is still far from filled. Today, four million workers in the cybersecurity industry are needed worldwide, the white paper highlights.

The workforce shortage is a global concern that spans nation states and industries. Estimates suggest that by 2030 there could be a global talent shortage of more than 85 million workers. In just six years, the Forum says this significant talent squeeze could lead to an estimated $8.5 trillion in unrealized annual revenue. If this sum was the GDP of a country, it would be the third highest in the world after economic superpowers the US and China.

The cybersecurity industry is affected by this global shortage of workers and urgently needs to take actionable approaches to attract and retain skilled staff. Two-thirds of organizations face additional risks because of cybersecurity skills shortages, yet only 15% of firms expect cyber skills to significantly ramp up by 2026, the white paper explains. The Forum notes that the cyber industry’s continual demand for talent means “there is little optimism that the supply will catch up” despite intensifying pressure points.

Cybersecurity talent is the industry's main defence against a rapid rise in online attacks that are increasingly complex and unpredictable.

The extraordinarily fast evolution of cyber attackers’ abilities is inadvertently being complemented by a growing choice of technologies – such as AI, big data and predictive analytics – that they can use to leverage their threats.

There was a 72% climb in the number of data breaches worldwide in 2023. The healthcare sector is particularly vulnerable, says Natasa Perucica, Capacity Building lead at the Forum’s Centre for Cybersecurity, because attacks “can result in consequences that can have implications for the human life of patients”. She gives the example of deliberate misplacement of prescriptions, or taking control of medical instruments.

Consequently, it is “imperative for decision-makers to prioritize cybersecurity talent management as a strategic necessity,” the Forum says. Collective efforts, such as the Forum’s Bridging the Cyber Skills Gap, can help build positive momentum.

According to the recently released whitepaper, cyber's talent shortage is greatest in Asia-Pacific and North America, but the challenge for the cybersecurity industry is global.

India is home to nearly one-third of the world’s graduates in science, technology, engineering and mathematics (STEM), yet 30% of its 40,000 job vacancies for cybersecurity professionals in May 2023 were not filled due to talent shortages, the white paper finds.

In Africa, there are approximately 20,000 certified security professionals in a continent of 1.4 billion people.

The challenge is certainly not exclusive to developing nations. In the UK, 43% of small and medium-sized enterprises (SMEs) haven’t been able to hire cybersecurity support and there are more than half a million vacancies for cybersecurity professionals in the US, despite it being ranked the world’s most digitally competitive nation.

Workers have more career choices than ever, which is partly due to our increasingly hyperconnected world. This means the cybersecurity industry must work harder to capture potential employees’ attention, such as illustrating value-based and multifaceted career paths, the white paper says.

The stakes can be high. Previous cyberattacks have revealed billions of individuals’ data records and cost billions of US dollars. Unsurprisingly, technical skills are often in the spotlight when it comes to careers in the cybersecurity industry. However, softer skills are also highly valued, “in order to be able to deal with the complexities of cybersecurity,” says Perucica, with communication, teamwork and troubleshooting skills forming a core part of professionals’ cyber journey.

Finding, hiring and training the millions of cybersecurity professionals required by 2030 is a vast challenge, so it is important that hired talent want to build long-term careers in the industry, says the white paper.

But it’s also important to remember that “cybersecurity is not just the responsibility of cybersecurity professionals, but it is also the responsibility of all the other employees working for the organization in question,” says Perucica. “Through their responsible behaviour and responsible use of digital technologies, like their devices, they contribute to the security of the overall organization.”