Europe demanding world’s fastest cybersecurity workforce growth as region’s skills shortfall is forecast at 350,000

June 06 2017

Study finds crippling shortfall of cybersecurity workers with a predicted skills gap for Europe of 350,000 by 2022

70% of hiring managers want to increase their workforce this year despite struggle to find qualified talent today

1% unemployment rate and high turnover creates disincentive to invest in training

London, 6th June 2017 – The largest-ever global survey of over 19,000 cybersecurity professionals, (3,694 from Europe), conducted by (ISC)2’, reveals that European organisations are planning the fastest rate of cybersecurity hiring in the world, with 38% of hiring managers in the region wanting to grow their workforce by at least 15% in the next year. This is despite the fact that two-thirds of organisations state that they currently have too few cybersecurity workers, as the region faces a projected skills gap of 350,000 workers by 2022.

The report calls for employers to do more to embrace newcomers and a changing workforce, as 92% of hiring managers admit they prioritise previous cybersecurity experience when choosing candidates, and that most recruitment comes from their own professional networks. Hiring managers identified that they are relying on their social and professional networks (48%), followed closely by their organisation’s HR department (47%), as their primary source of recruitment.

The latest report, Benchmarking Workforce Capacity and Response to Cyber Risk, released from the 2017 Global Information Security Workforce Study, the 8th Edition of the study, which has been running since 2004, offers a deep dive into the growing cybersecurity skills gap. It shows that strong recruitment targets, a shortage of talent, and disincentives to invest in training are contributing to the skills shortage with 70% of employers around the globe looking to increase the size of their cybersecurity staff this year. The demand is set against a broad range of security concerns which continue to develop at pace, with the threat of data exposure clearly identified as today’s top security concern amongst professionals around the world. Concern over data exposure reflects the advent of new regulations aimed at enhancing data protection around the world, including Europe’s General Data Protection Regulation to be in force by May 2018. The Study was conducted by Frost & Sullivan for the Center for Cyber Safety and Education, with the support of (ISC)², Booz Allen Hamilton and Alta Associates.

The report describes a revolving door of scarce, highly paid workers amidst a non-existent unemployment rate of just 1% in Europe. Organisations are struggling to retain their staff, with 21% of the global workforce stating they have left their jobs in the past year, and facing high salary costs, with 33% of the workforce in Europe in particular making over $100,000 USD / EUR 95,000 / GBP 78,000 per year.

“The combination of virtually non-existent unemployment, a shortage of workers, the expectation of high salaries, and high staff turnover that only increases among younger generations createsboth a disincentive to invest in training and development and a conundrum for prospective employers: how to hire and retain talent in such an environment?” states the report.

Recruitment and professional development strategies must change

Recommends made suggest that organisations adapt their approach to recruitment and draw from a broader pool of talent. This is backed by findings that show workers with non-computing related backgrounds, account for nearly a fifth of the current workforce in Europe and that they hold positions at every level of practice, 63% at manager or above.

It also highlights a mismatch between the skills recruiters are looking for and workers’ priorities for developing a successful career, suggesting skills sets may not be keeping pace with requirements. Currently, the top two skills workers are prioritising include ‘cloud computing and security’ (60%) and ‘risk assessment and management’ (41%), while employers prioritise looking for communication (66%) and analytical skills (59%). Only 25% and 20 % of workers are prioritising communication and analytical skills respectively.

Key recommendations include:

Looking beyond Social and Professional networks as the main channel of recruitment. to open doors for new, younger and more diverse talent.

Accepting the need to Invest in development and training: More talent is needed to stem the high levels of movement on job markets.

Better Communication of current employer requirements: Workers prioritise different skills for their professional development than what employers look for in the workforce

Embracing a broader talent pool: Individuals with non-technical backgrounds often rise to become key decision makers, with 30% of Directors, Executive Management and C-suite professionals in Europe beginning in non-technical careers.

Adrian Davis, Managing Director, EMEA at (ISC)² said: “There are real structural concerns hampering the development of the job market today that must be addressed. It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less-experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society.”

Jarad Carleton, Principal Consultant, Frost & Sullivan said: Businesses cannot afford to ignore investing in training and development programmes for their workforces. Those that do so will become much easier potential targets for cyber criminals and risk facing high profile hacks similar to those we have seen in recent weeks. Europe has traditionally been strong at investing in its workforce, and must continue to provide regular training and recruit from non-technical backgrounds to help ease the skills shortage. We predict the skills gap to become much more acute in the coming years if businesses fail to do so.

Mahbubul Islam, Head of Secure Design (Project), The Department for Work and Pensions (DWP) UK said: "There are challenges in employers finding talent with relevant knowledge, exposure and experience within our industry. Employers should pick two out of three areas, and allow the talent to develop the third. It is important to take advantage of candidates with knowledge and experience and trust them in their respective skill set to deliver to their maximum potential."

The full report can be downloaded here: http://iamcybersafe.org/GISWS/

About the Center for Cyber Safety and Education

The Center for Cyber Safety and Education (The Center), formerly the (ISC)² Foundation, is a nonprofit charitable trust committed to making the cyber world a safer place for everyone. The Center works to ensure that people across the globe have a positive and safe experience online through their educational programs, scholarships and research. Visit www.iamcybersafe.org.

About (ISC)²®

(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 120,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the public through our charitable foundation – The Center for Cyber Safety and Education. Visit www.isc2.org.

© 2017 (ISC)², Inc., (ISC)², CAP, CCFP, CCSP, CISSP, CSSLP, HCISPP, SSCP and CBK are registered marks of (ISC)², Inc.

PR contact:

AprilSix Proof

Amita Hanspal

+44 (0)20 3141 2984

Isc2@aprilsixproof.com