A new report out from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million openings last year.

Employment figures from the U.S. and India highlight the cybersecurity labor crisis.

In 2017, the U.S. employs nearly 780,000 people in cybersecurity positions, with approximately 350,000 current cybersecurity openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.

The current number of U.S. cybersecurity job openings is up from 209,000 in 2015. At that time, job postings were already up 74 percent over the previous five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics.

At this rate, the U.S. is on pace to hit a half-million or more unfilled cybersecurity positions by 2021.

The National Association of Software and Services Companies (NASSCOM) recently estimated that India alone will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy.

Demand for security professionals in India will increase in all sectors due to the unprecedented rise in the number of cyber attacks, according to NASSCOM. Despite having the largest information technology talent pool in the world, India is highly unlikely to produce an adequate number of professionals to close the cybersecurity skills gap.

"Every IT position is also a cybersecurity position now" according to the Cybersecurity Jobs Report, 2017. "Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people."

If that's true, then the cybersecurity workforce shortage is even worse than what the jobs numbers suggest.

Cyber crime costs to increase $3 trillion

Cyber crime is expected to cost the world $6 trillion by 2021, up from $3 trillion in 2015. This includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Last but not least, on the list of cyber crime damages is increased demand for cyber defenders in a market that is already scrambling for talent. In fact, the lack of qualified cybersecurity workers may be the greatest cyber risk of all.

If there's an upside to the labor mess, it's an opportunity for managed security service providers (MSSPs). MSSPs perform “most of the cutting-edge work” in cybersecurity, and they present an alluring draw for fresh candidates, according to a story in the MSSP Alert. Companies engaging with MSSPs could benefit from a talent infusion without incurring some of the burdens of locating, educating and recruiting new people.

Some of the largest players in the cybersecurity field are honing in on the employment problem. FireEye's future direction is described as "Cyberhumans as a Service" in a recent CSO story. Cisco and IBM announced a new partnership last month that is geared to help short-staffed CISOs cope with the growing cyber threat.

The CSO Business Report will be back soon with strategies and insights around recruiting and retaining cybersecurity staff.