Cybersecurity industry short nearly 4 million professionals

New report shows global workforce shortage hitting cybersecurity sector

Cybersecurity industry short nearly 4 million professionals

Nearly four million professionals are needed in the cybersecurity industry as the global shortage of workers begins hitting the sector, according to the World Economic Forum.

In its latest white paper, the WEF said the global talent shortage is estimated to reach more than 85 million workers by 2030.

"The cybersecurity industry is also affected by this pervasive challenge," the report read. "While the cybersecurity workforce grew by 12.6% between 2022 and 2023, there is a shortage of nearly four million cybersecurity professionals worldwide."

Workforce shortage breakdown

The shortage is most evident in the Asia-Pacific region, which needs more than 2.5 million cybersecurity workers, according to the report.

North America has a workforce gap of 522,000 people, while in Africa, only around 20,000 are certified security professionals out of its 1.4 billion population.

By nation, the report said the talent shortage is most observed in China, India, the United States, and Brazil.

In India, which has the world's largest youth populations, an estimated 40,000 job openings remain unfilled for cybersecurity professionals, according to the report.

In the US, there is also an estimated 448,000 cybersecurity job vacancies across the private and public sectors.

Factors to the workforce shortage

According to the report, factors contributing to the workforce shortage include the rapid evolution of the cybersecurity landscape.

It "outpaces the development of a commensurate workforce," the report read.

Another factor is the lack of diversity within the workforce, where there are fewer professionals from women, migrants, ethnic minorities, and neurodiverse employees.

According to the report, other factors contributing to the shortage include:

  • Inability of some employers to compete with the salaries offered by other organisations
  • Misalignment among educational programmes
  • The evolving needs of the cybersecurity industry
  • Lack of clarity about career opportunities in the field

Addressing the shortage

To address the cybersecurity workforce shortage, the report identified four key priority areas, including:

  • Attracting talent into cybersecurity
  • Educating and training cybersecurity professionals
  • Recruiting the right cybersecurity talent
  • Retaining cybersecurity professionals

"It is important to note that the four priority areas should not be viewed in isolation but as interconnected components of a comprehensive cybersecurity talent-management approach," the report read.

Among the recommendations made under attracting talent into cybersecurity include being flexible and adaptable to reflect the sector's evolving landscape.

Employers should also offer competitive salaries and comprehensive benefits packages, highlight learning and career-development opportunities, focusing on upskilling and promoting in-house talent, as well as prioritising diversity and inclusion. 

Source: WEF's Strategic Cybersecurity Talent Framework