Organizations globally are suffering a crippling cybersecurity workforce “gap” of 2.9 million employees today, putting the majority at greater risk of attack, according to the latest estimates from (ISC)².

The global certifications body has introduced a new gap analysis methodology, which explains why the figures are so much higher than the predicted 1.8 million industry shortfall by 2022, a spokesperson confirmed to Infosecurity.

While previous models subtracted supply from demand, the new calculation considers things like the percentage of organizations with open positions and estimated growth of companies of different sizes. It also polled IT staff in small businesses that may not be security professionals but spend 25% or more of their day on these tasks.

The new 2018 (ISC)² Cybersecurity Workforce Study is therefore a more holistic and realistic representation of the picture on the ground, (ISC)² claimed.

The fast-growing APAC region is suffering the biggest shortfall of 2.14 million, followed by North America (498,000), EMEA (142,000) and Latin America (136,000).

Nearly two-thirds (63%) of organizations worldwide said they have a cybersecurity skills shortage and over half (59%) claimed this is putting them at “moderate” or “extreme” risk of attack.

Although nearly half (48%) said they plan to increase staff numbers in the next 12 months, it’s difficult to know where these are going to come from given the scale of shortages.

However, one positive new trend appears to be a wider representation of women in the industry, who now comprise a quarter (24%) of the workforce, more than double previous estimates (11%).

“By broadening our view of the workforce to include those with collateral cybersecurity duties within IT and ICT teams, we discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women,” argued (ISC)² CEO, David Shearer.

Key barriers to career progression mentioned by respondents were unclear career paths (34%), lack of organizational knowledge (32%) and the cost of education to prepare for a career (28%).