There are now close to three million unfilled security positions around the world

An ever-widening cybersecurity workforce gap is putting more and more organizations at risk, new data reveals.

Although awareness of the cybersecurity skills shortage has been growing worldwide, a new report from IT security certification group (ISC)2 indicates that the number of unfilled positions in the sector is now close to three million globally.

Based on data from nearly 1,500 respondents around the world, the 2018 (ISC)2 Cybersecurity Workforce Study (PDF), published today, says 2.93 million security specialists are needed to fill the current skills shortage.

To put this figure into context, laid from head to toe, the number of additional personnel required to fill the cybersecurity workforce gap around the world would stretch from New York to San Francisco – and beyond.

According to (ISC)2, Asia-Pacific is experiencing the biggest workforce shortage, at around 2.15 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region.

This is followed by a shortage of 498,000 security specialists in North America, 142,000 in EMEA, and 136,000 in Latin America.

“Despite increases in tech spending, this imbalance between supply and demand of skilled professionals continues to leave companies vulnerable,” the report reads.

“It’s no surprise that research shows the shortage of cybersecurity professionals is now the number one job concern among those who already work in the field.”

Gap in cybersecurity professionals by region

Providing a preview of the report at this year’s (ISC)2 Security Congress in New Orleans, John McCumber, director of cybersecurity advocacy for the non-profit certification group, said the study highlights not just the challenges, but also the progress that has been made over recent months.

Among the report’s positive takeaways, he said, was that more than half of the companies represented expect to increase their security budgets over the next 12 months.

And while there is still a long way to go in terms of redressing the gender imbalance in security, women were now found to make up 24% of the sector’s global workforce in 2018.

“We knew we couldn’t solve the problem overnight, but we are making progress, and the trends are going in the right direction,” McCumber said.

As organizations increase their security budgets, (ISC)2 said they must portion out those funds mindfully, combining investments in personnel, training, and security solutions to create a “comprehensive cybersecurity approach” that can shrink their share of the gap.

“CISOs have three levers to play with to be effective,” said McCumber. “You have a technology lever, a policy lever, and a people lever. The most impactful of these is the people lever – that’s what’s really critical.”

RELATED How Africa is tackling its cybersecurity skills gap