The 2017 Global Information Workforce Study (GISWS), based on a survey of 19,641 cyber security professionals in 170 countries, anticipates that the cybersecurity workforce gap will reach 1.8 million by 2022, a 20 percent increase over the same study's forecast made in 2015.
The study, conducted by Frost & Sullivan for (ISC)2's Center for Cyber Safety and Education, also found that 66 percent of respondents said there aren't enough cyber security workers in their organizations to meet the challenges they currently face.
As a result, unemployment among information security professionals is currently at 2 percent globally, and the average information security worker in North America is paid $120,000 per year.
Understanding the Shortage
The leading reasons for the worker shortage, the study found, are that qualified personnel are difficult to find (49 percent), requirements aren't understood by leadership (42 percent), business conditions can't support additional personnel (41 percent), security workers are difficult to retain (31 percent), and there's no clear information security career path (31 percent).
In response, 70 percent of hiring managers worldwide are planning to increase the size of their cyber security staff this year. A third are planning to increase the size of their departments by 15 percent or more, and 20 percent are planning to do so by more than 20 percent
The most sought after positions are in Operations & Security Management, with 62 percent of respondents saying there are too few occupying those positions, followed by Incident & Threat Management and Forensics at 58 percent.
"It is clear, as evidenced by the growing number of professionals who feel that there are too few workers in their field, that traditional recruitment channels are not meeting the demand for cybersecurity workers around the world," the report states. "Hiring managers must therefore begin to explore new recruitment channels and find unconventional strategies and techniques to fill the worker gap."
An Expanding Workforce Gap
A separate Cybersecurity Ventures report, sponsored by Herjavec Group, predicts an even greater workforce gap, anticipating that there will be 3.5 million unfilled cyber security positions by 2021.
According to the CyberSeek project, there are currently almost 780,000 people employed in the cyber security workforce in the U.S., and just under 350,000 cyber security job openings.
"Unfortunately, the pipeline of security talent isn't where it needs to be top help curb the cybercrime epidemic," Herjavec Group founder and CEO Robert Herjavec said. "Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the black hats."
"There is a zero-percent unemployment rates in cyber security, and the opportunities in this field are endless," Herjavec added. "Gone are the days of siloed IT and security teams. All IT professionals need to know security -- full stop."