The security landscape is constantly changing, and often the best way to reflect that change is by looking at the latest cyber security statistics from the job market. That’s why I’ve compiled a list of the most important cyber stats from 2022. Let’s dive right in!
Global Cyber Security Statistics for the Job Market
As you’re probably aware, cyber security is one of the hottest and most lucrative careers to embark upon.
- That’s why there are an estimated 5.5 million people (8.7% increase) working in the global cyber security sector, of which over 1.3 million (11% increase) are located in the US.2 Even with those high numbers, the global cyber security workforce gap increased by 12.5% to 4 million (with the US accounting for over 520,000 of those, a 19.7% increase).2
- And although an additional 440,000 cyber security jobs were filled in 2023 globally (an 8.7% rise over 2022), the industry simultaneously experienced a 12.6% increase in the cybersecurity workforce gap. This means that demand still heavily outweighs supply.2
- The most explosive regions of growth are the Middle East and Latin America regions, experiencing a decrease in the workforce gap of -7.1% and -32.5%, respectively.2
Problems With Cyber Security Funding
As with any business sector, funding is always a key talking point. Cyber security is often seen as a financial outlay by companies. This is despite the fact that it saves companies money and reputation by minimizing their security incidents.
However, the latest cyber security statistics show that, although funding is still an issue, the industry is at least moving in the right direction.
- 45% believe their current cyber security programs receive funding that’s appropriate or above expected, which is up 1% from the year prior, while 54% believe their cybersecurity budgets are underfunded.1 Although 51% of respondents do expect budgets to increase, while 38% expect security budgets to remain at current levels.1
Cyber Security Staffing Statistics
A company’s defense is only as good as the cyber security staff looking after it. Therefore, it’s important to understand the stats behind the current security workforce.
ISACA Statistics
- An ISACA report found that 59% of professionals stated they were understaffed on some level while only 36% claimed their company was “appropriately” staffed. Only just 3% stated their companies had more staff than needed.1
- Technical positions are the most commonly unfilled positions in cyber security. 67% claimed it takes over three months to fill an open position. This is considering that 71% of companies had vacant/unfilled security positions.1
ISC2 Statistics
Staff shortages are an issue for many companies at the moment, as the demand for cyber security professionals far outweighs to supply.
- An ISC2 report found that about 67% of cyber professionals think their current company doesn’t have enough staff to function effectively, of which 21% of respondents claimed their companies have a “significant shortage” of cyber security employees to deal with security problems.2 With the resulting staff shortage, 9% think their company is at “extreme risk” of a cyberattack, while another 48% described it as a “moderate risk”.2
- Of the companies suffering from staff shortages, 41% blamed it on not being able to find enough qualified talent. Other cited reasons were lack of budget (34%), a lack of competitive salary (30%), and not being able to keep up with turnover or via attrition (27%).2
- To reduce staff shortages, a vast majority of respondents claimed their organizations are planning or currently implementing investments in training (72%), flexible working conditions (69%), DEO initiatives (68%), certification programs (67%), and recruiting, hiring, and onboarding of new staff (67%).2
- In fact, only 10% believe HR teams “always” understand their cyber security hiring needs.1
Cyber Security Job Satisfaction Statistics
Plenty of security professionals leave their jobs in search of increased salary, benefits, flexibility, and overall job satisfaction.
- Of the top three reasons why cybersecurity professionals left their jobs, 58% indicated employees were recruited by other companies, 54% left due to poor financial incentives, and 48% left due to limited promotional/developmental opportunities.1
- Around 75% claimed they were somewhat or very satisfied with their current cyber security job. Only 68% are satisfied with their current team, 62% with their department, and 60% with their company as a whole.
Job satisfaction is an important metric for companies to measure as they look to combat staff shortages in their cyber security teams. Several reasons why job satisfaction suffered:
- Of the reasons for job dissatisfaction, too many tasks and emails (30%), lack of support from managers (24%), and low pay (23%) were were the biggest contributor to negative job satisfaction.2
- 55% of employees have flexible work options and remote working opportunities, and 59% state they would always prefer to work remotely.2
- 62% of low-level workers claim they are more productive when they work remotely. 35% of managers stated that remote workers are not as productive as onsite workers.2
- As a way to improve job satisfaction, 64% of companies are providing more flexible working options, such as remote working, in order to improve staff shortages, 64% are investing in training, and 62% are hiring new staff.2 71% of organizations with more than 10,000 employees are ticking all three of these boxes.2
Cyber Security Skills Gap
There are plenty of technical skills to learn if you hope to carve a career in the cyber security world. Even still, there are plenty of known skill gaps within the industry. According to ISACA:
- 52% thought cloud computing was the second most important skill in immediate need.1 The most important was reserved for soft skills (54%), of which communication skills was ranked highest.1 And only 16% said that honesty was among the most important skill needed.1
Luckily, companies are reportedly taking steps to address these gaps as they look to improve their overall cyber security defense.
- When asked what their companies had done to decrease “technical cyber security skill gaps”, 45% said training non-security staff who are keen on becoming security staff, 42% said outside consultants and contract employees, and 25% said more reliance on AI – which is up from 22%.1
- The most common steps companies are taking to reduce skill gaps are using online learning websites, mentoring, and holding corporate training events. Surprisingly, 3% claimed their company has no skills gaps.
Recent Graduates
Recruiting recent graduates presents a great learning opportunity for graduates as well as an opportunity to train them. However, bringing in new candidates does come with a new set of challenges.
- Prior hands-on experience is the most important factor that impacts hiring, according to 73% of workers.1 That’s not surprising considering only 27% agree or strongly agree that recent university graduates are prepared for their new role.1
- For those with less than three years’ worth of cyber security experience, the top three skills that need extra training are said to be security controls, soft skills, and network-related topics.1 The problem is that 38% say there’s insufficient time to effectively train each member of the security team, which is a 15% rise from 2021.2
- Only 44% of cyber security professionals manage people who have under three years of industry experience placing a strain on the more experienced and aging workforce.1
College Degrees
While some companies require all cyber security professionals to have a degree, other organizations look to open their doors to a greater number of applicants by eliminating this requirement.
- Only 52% of organizations ask for a university degree in order to be hired in an entry-level role, down 6%.1
- 33% of those who work for companies that require university degrees for entry-level roles agree or strongly agree that graduates are “well prepared” for the job.1 On the other hand, 23% of those who work for companies that don’t require university degrees for entry-level roles agree or strongly agree that graduates are “well prepared” for the job.1
- Interestingly enough, the Middle East and Oceania regions have seen the biggest drop in degree requirements for entry-level positions.1
Cyber Security Diversity Statistics
Diversity is an important part of any modern workplace, and cyber security is no different. However, cyber security statistics show that the cyber world has a long way to go before racial and gender inequality is fully addressed. This may open the doors to a greater number of people hoping to make a career in cyber security in the future.
Gender Differences
- 30% of cyber security professionals under the age of 30 are female, but only 14% of those over the age of 60 are women.2
- Out of all C-Level executives aged 50 or over, only 10% are women.2 However, 35% of executives in their 30s are now female. Out of all respondents in advanced, non-managerial positions, only 17% were female.2
- 30% of female respondents say they feel discriminated against at work.2
Some countries are making a lot more diversity progress than others…
- The most gender-diverse countries for cyber security are Nigeria and Mexico, both with 34% female employees. Ireland, Brazil, and India follow behind with 33%, 31% and 30%, respectively.2 The least gender diverse is Japan with just 10%, followed by Germany (13%), the United States (13%), the United Kingdom (16%), and the Netherlands (16%).2
Racial Equality
- Across the US, UK, Canada, and Ireland, 70% of cyber security professionals aged 60 or over are white men. However, out of those under the age of 30, only 40% are white men.2
- Higher positions within cyber security are less diverse than starting-level positions, with 23% of C-Level executives identifying as non-white, while 47% of entry-level cyber security professionals are non-white.2 The trend is that non-white cyber security professionals tend to be younger and in lower positions.2
- 18% of non-white cyber security professionals say they feel discriminated against at work.2
DEI Initiatives
DEI, which stands for diversity, equity, and inclusion, is an important part of any company hoping to address systemic problems and offer equal opportunities to all.
- Out of all respondents, only 40% revealed their organizations provide DEI training.2
- Of the companies that implement DEI initiatives, only 19% are experiencing significant staff shortages. Of those that don’t have any DEI initiatives and have no plans of introducing any, 34% are experiencing staff shortages.2
- 55% of respondents expect the workforce to be more diverse in just two years’ time.2
Cyber Security Salary Statistics
One of the first things a prospective employee looks at before applying for a job is the earning potential. Fortunately, companies are willing to pay attractive salaries to get the best employees through the door. Take a look at salary by region:
(ISC)2 Cybersecurity Workforce Study, 2022 Region Salary United States $135,000 North America $134,800 EMEA $93,535 APAC $59,379 LATAM $22,185 Level of education can also impact the average salary a cyber security professional can expect to earn within the industry, with a Doctoral/Post-Doctoral providing the best chance at earning the highest.
- On average, those with a Doctoral or Post-Doctorate in the cyber security industry earn $150,000. Those with a Master’s degree earn $142,000. A Bachelor’s degree results in $130,000. And an Associate’s degree or high school diploma leads to an average of $127,750.2
Interested in More…
Human Resources
It’s important for organizations to streamline their cyber process from top to bottom, and that includes hiring the right people through HR. Unfortunately, for some companies, there’s a disconnect between the cyber security and the HR teams, with some less-than-favorable results cropping up.
What Is the Best Job in Cyber Security?
Top 10 Cybersecurity Companies to Work for in 2023
Ways to Work in Cyber Security Without a Degree!
Is Cyber Security Right for Me?
Sources:
1. “State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations” report published by ISACA in 2022. Available at: https://www.isaca.org/state-of-cybersecurity-2022.
2. “(ISC)2 Cybersecurity Workforce Study, 2022” report published by (ISC)2 in 2022. Available at: https://www.isc2.org/Research/Workforce-Study.