A recent survey of more than 19,000 cyber security professionals found that the world is expected to face a shortfall of 1.8 million cyber security workers by 2022, a 20 percent increase from the projection made by a similar study in 2015.
The survey, conducted by the Center for Cyber Safety and Education and sponsored by (ISC)2, also found that 47 percent of respondents are struggling to find qualified personnel.
In the U.K., the survey found, 46 percent of companies say the shortfall of cyber security personnel is having a significant impact on their customers, and 45 percent say the shortfall is causing cyber security breaches.
Forty-six percent of U.K. respondents hope to expand their cyber security workforce by more than 16 percent in the next 12 months, but the skills shortage is holding them back from doing so.
The skills shortage also seems to be inflating salaries — almost three quarter of U.K. cyber security professionals earn more than ?47,000 a year, and 39 percent earn more than ?87,000.
Just 10 percent of U.K. respondents say the greatest demand for new cyber security hires is at entry level — only 6 percent are hiring from university graduates, and 93 percent say previous cyber security experience is an important factor in their hiring decisions.
“Industry is experiencing a talent shortfall because employers are too focused on recruiting people with existing cyber security experience, which is like complaining that there’s a shortage of pilots but refusing to hire anyone who is not already an experienced pilot,” Lucy Chaplin, manager at KPMG’s Financial Services Technology Risk Consulting, said in a statement. “We find that hiring and training inexperienced people pays off in better retention rates and a more diverse workforce.”
A separate ESG survey [PDF] of 633 senior IT and cyber security professionals worldwide found that 46 percent of respondents now face a problematic shortage of cyber security skills, a significant increase from 28 percent of respondents to a similar survey last year.
When asked to identify the areas in which skills development would be most beneficial to their employees’ career paths and to the organization as a whole, 44 percent pointed to cyber security, 26 percent said big data analytics, and 17 percent pointed to infrastructure management.
And when asked in which areas of cyber security their organization has the greatest skills deficiency, cloud security specialists was the leading response at 33 percent, followed by network security specialists (28 percent), security analytics (27 percent), and data security specialists (26 percent).
Fully 87 percent of respondents said it’s very difficult, difficult, or somewhat difficult to recruit and hire cyber security professionals.
Fifty-two percent of respondents said a competitive salary is the best way to attract potential candidates, followed by the ability for new employees to work with leading cyber security technologies and processes (40 percent) and side benefits related to training and skills development (35 percent).