Study: More Cybersecurity Workers Needed

By Aliah D. Wright Aug 1, 2016

Good cybersecurity professionals are hard to find—everywhere.

According to Hacking the Skills Shortage, a global report outlining the talent shortage crisis affecting the cybersecurity industry across companies and nations, 82 percent of IT professionals said there is a shortage of people with cybersecurity skills.

What's more, 71 percent of respondents said the shortage is "responsible for direct and measureable damage to organizations whose lack of talent makes them more desirable hacking targets," according to a news release.

The report was conducted by Intel Security, a division of computing company Intel, and the Center for Strategic and International Studies (CSIS). It was released in late July.

The 2016 Cost of Data Breach report from Michigan-based consultancy Ponemon Institute revealed that the average total cost of a data breach for the 383 companies participating in its research increased from $3.79 million to $4 million this year.

"A shortage of people with cybersecurity skills results in direct damage to companies, including the loss of proprietary data and intellectual property," said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. "This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization."

According to a 2014 report from Burning Glass Technologies in Boston, demand for cybersecurity professionals grew 3.5 times faster than demand for other IT positions and 12 times faster than for all other jobs over the past five years.

In 2015, 209,000 cybersecurity jobs went unfilled in the United States, according to the report. Even though 1 in 4 respondents said their organizations have lost proprietary data as a result of this cybersecurity skills gap, there are no signs of this workforce dearth diminishing.

Those surveyed "estimate an average of 15 percent of cybersecurity positions in their company will go unfilled by 2020," according to the release from Intel Security. 

The need for a strong cybersecurity workforce is critical, experts say, especially with the rise in mobile and cloud computing and the growing turn toward the Internet of Things--the multitude of devices connect to the Internet--as well as sophisticated cyberattacks and cyberterrorism worldwide. 

"The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven't brought enough urgency to solving the cybersecurity talent shortage," said Chris Young, senior vice president and general manager of Intel Security Group.

The Intel report analyzed four dimensions that make up the cybersecurity talent shortage:

  1. Cybersecurity Spending: Countries and industry sectors that spend more on cybersecurity are able to deal with the workforce shortage better, the report reveals.
  2. Education and Training: Only 23 percent of respondents say education programs are preparing students to enter the industry. According to the report, "non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons," were more effective in increasing cybersecurity skills. "More than half of respondents believe that the cybersecurity skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities," the report states.
  3. Employer Dynamics: While salary is the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer's IT department.
  4. Government Policies: About 76 percent of respondents say their governments "are not investing enough in building cybersecurity talent. This shortage has become a prominent political issue as heads of state in the U.S., U.K., Israel and Australia have in the last year called for increased support for the cybersecurity workforce.

Educating people is critical, experts said, yet only 19 percent of high school students in the United States take computer science courses, a percentage that has dwindled over the last 20 years, according to the National Science Foundation.

Some 500 IT decision-makers involved in cybersecurity in the public and private sectors were interviewed in May 2016 in the U.S., the U.K., France, Germany, Australia, Japan, Mexico and Israel for the Intel report.

"To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities and ... deliver deeper automation so that talent is put to its best use on the frontline," Young said. "Finally, we absolutely must diversify our ranks."


Job Finder

Find an HR Job Near You
Post a Job


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect