IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Government Implications from the ISC2 2024 Cyber Workforce Study

ISC2 just released their 2024 cyber workforce report, and the key findings are eye-opening for public-sector employees. Here’s what you need to know.

Digital illustration of a yellow lock in a circle surrounded by yellow lines and arrows.
Shutterstock/deepadesigns
The 2024 ISC2 Cybersecurity Workforce Study was released on Thursday, Oct. 31, and the annual report shows that economic conditions have significantly impacted the cyber workforce.

At the same time that 74 percent of respondents say the threat landscape is the most challenging they’ve experienced in the last five years, many fear cutbacks are coming in their industries.

On a positive note for the public sector, cybersecurity cutbacks were not as highly anticipated for public-sector industries as some others. While hosted/cloud services, real estate and automotive were among the industries with the highest expectation of cutbacks in the coming year, public-sector industries, including military (16 percent), government (24 percent) and utilities (25 percent), expect lower rates of cybersecurity cutbacks in the future.

Some key findings within the report that surveyed a record 15,852 international practitioners and decision-makers, of which 10 percent were from government:
  • Almost 60 percent of respondents agree that skills gaps have significantly impacted their ability to secure the organization, with 58 percent stating it puts their organizations at a significant risk.
  • With the ever-evolving AI landscape, hiring managers are prioritizing nontechnical skills like problem-solving that will be transferable through the increased use of AI, and 53 percent of respondents believe GenAI will result in certain cybersecurity skills becoming obsolete.
  • An effective GenAI strategy is paramount, with 90 percent of respondents saying they have some policies related to GenAI and 65 percent saying their organization needs to implement more regulations on the safe use of GenAI.
This ISC2 report highlight summary page offers these additional executive summary insights:

“Each year, the ISC2 Cybersecurity Workforce Study assesses the state of the cybersecurity workforce to understand the composition of the talent and skills base, including looking at the size of the workforce and its shortages. We also look at the concerns of professionals in relation to their jobs, the cybersecurity and economic landscapes, and the perceived cybersecurity needs of society from the perspective of those charged with protecting our digital world.

“This year, we learned that the economic conditions have significantly impacted the workforce, leading to both talent shortages and skills gaps at a time when need has never been greater. At the same time, cybersecurity professionals are increasingly turning to AI, particularly generative AI (Gen AI), to help them drive transformation, cope with demand and shape strategic decisions within their organizations.

“Hiring managers are prioritizing transferable skills that will complement AI adoption, such as problem-solving, over technical skills like cloud computing security or risk analysis. We found that while cybersecurity teams have ambitious plans for AI within the cybersecurity function, they anticipate the biggest return on investment will occur in two or more years. As a result, they are not immediately overhauling their practices to adopt AI. Cybersecurity professionals are also conscious of the additional risks AI will introduce across the organization. As different departments adopt AI tools, cybersecurity teams are encouraging their organizations to create comprehensive AI strategies. …”

The following key findings have more detailed descriptions under each topic. Respondents don’t believe their cybersecurity teams have sufficient numbers or the right range of skills to meet their goals.
  • Participants’ pathways to enter the cybersecurity workforce are changing, as are their priorities.
  • Diverse backgrounds can help solve the talent gap.
  • The expected advancements of AI will change the way cyber respondents view their skills shortage.
  • Cyber professionals are confident GenAI will not replace their role.
  • GenAI presents benefits and challenges for cybersecurity.
  • Organizations need a GenAI strategy to responsibly implement the technology.

PUBLIC-SECTOR WORKFORCE FOCUS PERCENTAGES


  • Twenty-six percent of respondents working in government roles say GenAI is built into the cybersecurity teams’ tools (45 percent of all respondents/industries)
  • Twenty-three percent of hiring managers working in government roles are looking for AI/machine learning (ML) skills right now when hiring (24 percent of all respondents/industries)
  • Forty percent of professionals (non-hiring managers) working in government roles think AI/ML skills are most in demand for security professionals looking to advance their careers (37 percent of all respondents/industries)
  • Sixty-eight percent of respondents working in government roles say their organization needs to implement more regulations on the safe use of GenAI (65 percent of all respondents/industries)
  • Forty-eight percent of respondents working in government roles believe GenAI will result in certain cybersecurity roles becoming obsolete/replaced (53 percent of all respondents/industries)
  • Forty-nine percent of respondents working in government roles believe GenAI will result in certain cybersecurity skills becoming obsolete/replaced (51 percent of all respondents/industries)

OUR CHALLENGING ECONOMY


According to the report, "challenging economic conditions led to increased resource reductions in cybersecurity. In 2024, 25 percent of respondents reported layoffs in their cybersecurity departments, a 3 percent rise from 2023, while 37 percent faced budget cuts, a 7 percent rise from 2023. These cuts have immense impacts on cybersecurity teams’ ability to secure the organization.

"Respondents say they don’t have the staff they need to meet their goals. Sixty-seven percent of respondents indicated they had a staffing shortage this year. Layoffs and budget cuts exacerbate security team shortages, which participants have told us are a persistent issue every year of this study. This has huge implications, as respondents say that a worker shortage was their biggest challenge over the past 12 months, and they predict a worker shortage will continue to be a significant challenge over the next two years."

BIG CYBER WORKFORCE GAP, BUT...


As shown in other recent ISC2 reports, the workforce gap for cybersecurity is very large globally.

This latest study estimates the cybersecurity global workforce to be 5,468,173 employees. This is a 0.1 percent increase from 2023. This change resulted from growth in the Middle East and Africa (7.4 percent) and the Asia-Pacific (3.8 percent). This growth was countered by reductions across Europe (-0.7 percent), North America (-2.7 percent) and Latin America (-0.9 percent) cybersecurity workforces.

Even with increases in certain regions, the cybersecurity workforce growth is slowing — there was an 8.7 percent workforce increase between 2022 and 2023 with every region adding to their ranks. This year’s numbers suggest that hiring has slowed for 2023–2024.

“Our workforce gap estimate methodology considers the security team shortages, as reported by our study participants, and the staff needed to adequately keep their organizations secure. It also incorporates the workforce size estimate previously mentioned and other primary and secondary data sources. This year, the workforce gap was 4,763,963 people. (For more information about ISC2’s workforce gap estimate methodology, see Appendix B.) This is a 19.1 percent increase from 2023, with the greatest rise in Asia-Pacific and Europe (see Figure 3 in the report).”

Readers should please note that this is NOT the number of global job openings in cybersecurity. And yet, the continued workforce need is large and growing.

FINAL THOUGHTS


The recent ISC2 Security Congress 2024 focused on the rising level of global cyber threats facing the world. This blog highlights similar things each week, in areas such as ransomware.

At the same time, the global cyber workforce seems to be smaller for various reasons. This new reality is in sync with other reports that focused on slowing cyber spending.

Will AI change the landscape moving forward? No doubt.

Nevertheless, there is still a huge need for skilled cybersecurity professionals, and the public sector is currently one of the hottest places to get a job in cybersecurity in November 2024.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.