Get access to the exclusive HR Resources you need to succeed in 2018.
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 14 cities across the U.S. this fall.
Gain the skills you need to rise to the next level in your career. Jon us at SHRM's Leadership Development Forum, October 2-3 in Boston.
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Demand for cybersecurity talent "significantly outstrips the supply of available workers" in every U.S. state, experts say.
U.S. employers posted 285,681 cybersecurity jobs during the 12-month period that ended in September 2017. Nationwide, more than 746,000 people work in cybersecurity jobs.
Those figures come from a new study by CyberSeek, a project maintained by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce. The study was released at the recent NICE Conference & Expo in Dayton, Ohio.
To illustrate the gap, CyberSeek published an interactive heat map that provides a granular snapshot of the supply and demand for cybersecurity roles at the state and local level.
"Regarding cybersecurity jobs, we've made some incremental progress in closing the gap over the past year, but not nearly as much as needs to be done," said Todd Thibodeaux, president and CEO of CompTIA, a nonprofit trade organization based in Downers Grove, Ill., that certifies IT professionals.
There just aren't enough people to fill the jobs—even though they pay well.
Glassdoor reports that the national average salary for a cybersecurity analyst is about $82,000; cybersecurity engineers average about $107,000.
The most in-demand cybersecurity positions range from those who operate and maintain security to those who manage workers and collect information to develop intelligence to thwart breaches.
"The range of job roles cited in CyberSeek reflects the multifaceted approach that's required to defend against an ever-expanding cybersecurity threat landscape," Thibodeaux added.
Washington, D.C., New York and Chicago are the cities with the largest number of cybersecurity job openings. Data from CyberSeek also reveals that cybersecurity positions are concentrated most heavily in the Washington, D.C., Baltimore and San Jose, Calif., markets.
"While we are seeing an increase in open positions, the talent shortage is real and it is impacting public- and private-sector organizations across the country," Thibodeaux told SHRM Online.
Public-sector organizations are feeling the strain: they posted 12,100 job openings for cybersecurity workers and already employ 31,634 workers in cybersecurity-related jobs in 2016, the study shows.
"Organizations that are struggling to find these tech workers may need to do a thorough review of what their staffing needs are and how they are going about trying to fill them," Thibodeaux said, adding that the review should examine how HR is recruiting new tech talent. He recommends HR professionals ask themselves:
While more U.S. IT professionals are turning to cybersecurity roles, hiring additional cybersecurity workers is important if companies want to thwart cybersecurity attacks.
[SHRM members-only toolkit: IT Staffing]
The Identity Theft Resource Center estimates that 8,037 data breaches that compromised personally identifiable information records have occurred between Jan. 1, 2005, and Nov. 1, 2017.
The average cost for businesses for each lost or stolen record containing sensitive and confidential information is $141, according to the Ponemon Institute's 2017 Cost of Data Breach Study.
"That cost jumps for businesses in financial services ($245) and health care ($380). Those dollar amounts do not include the cost of notifying affected parties," Thibodeaux said. "They also don't account for damage to your reputation."
"Cyber-criminals and hackers are always going to be ahead of the cyber-defenders, at least for the foreseeable future. The goal is to keep that gap between the bad guys and good guys as small as possible," he said. "But if the shortage of cybersecurity workers persists, the cyber professionals who are on the front lines will spend more time on the defensive, leaving less time for them to take proactive precautionary measures to thwart attacks before they happen."
Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
SHRM’s HR Vendor Directory contains over 10,000 companies