America’s cybersecurity workforce grew 11 percent year over year in 2023, adding roughly 1.3 million cyber professionals. At the same time, America’s cyber workforce gap grew 17.6 percent year over year — or by about 480,000 positions. ISC2 emphasizes that the cyber workforce gap represents the difference between available cyber hires and the number of professionals that organizations would need to properly secure themselves. It does not, however, reflect how many organizations are actually ready and budgeted for hiring.
America’s cyber labor supply and need both outpaced international averages. Globally, the cyber workforce increased just shy of 9 percent year over year, while the global gap grew 12.6 percent in that period.
Looking at the global picture, cyber staffing shortages are also particularly likely to afflict governments, with 78 percent of respondents from this sector reporting shortages, compared to 67 percent of respondents overall.
And all this comes at a time when the risks are high. According to 78 percent of government respondents — and 75 percent of all respondents — today’s cyber threat landscape is the most challenging seen since 2018.
Organizations are most keenly feeling skill gaps in three key areas, according to ISC2’s 14,865 international survey respondents: cloud computing security, AI and machine learning, and zero-trust implementation. ISC2 suggested organizations invest in trainings, especially to help compensate for cyber staff shortages.
As today’s cyber workforce grows, its demographics are also shifting. Diversity — something that the majority of cybersecurity professional respondents said is important — is improving in some countries, especially regarding race and ethnicity.
White men have traditionally dominated the cyber field in the U.S., Canada, Ireland and the U.K., especially in older age brackets. They make up more than half of workers ages 39 and up, and 70 percent of cybersecurity professionals ages 60 and up. A more diverse pool of candidates is entering the profession, however, and 66 percent of the people who entered cyber careers in these countries during the last 12 months were not white.
Improved diversity is especially evident among younger cyber professionals. Among those under 30 years old, 63 percent were not white.
Gender diversity still lags behind but is improving. Women made up about 24 percent of cyber professionals younger than 30, compared to 15 percent of those aged 60 and up. Women also comprised a slightly higher share of the cyber workforce in organizations that used skills-based hiring, ISC2 found. In the overall survey of 15,000 respondents, nearly 1 percent selected a gender option other than male or female, and 6 percent chose not to self-describe.
