Overall worldwide shortfall shrinks 400k to 2.7m unfilled positions


UPDATED The global information security workforce gap has shrunk for the second consecutive year – but only by dint of pandemic-related progress in the Asia-Pacific region, a new report reveals.

The gulf between the supply of, and demand for, cybersecurity talent actually widened in every other region assessed by (ISC)² – namely Europe, North America, and Latin America.

Published today (October 26), the US-based infosec certification organization’s latest Cybersecurity Workforce Study cited a comparatively slow economic recovery in the Asia-Pacific, which meant demand for security talent was lower, as the main driver for the region bucking this trend.

Supply-side progress

(ISC)² now estimates the global infosec skills gap to stand at around 2.7 million unfilled positions worldwide.

This represents a fall of around 400,000 from 3.1 million in 2020, when compared to 2019 the gap shrank for the first time in memory, by nearly one million.

Significant progress is being made on the supply side, with 700,000 new entrants to the field observed since 2020, increasing the global infosec workforce to 4.2 million.

RELATED Cyber awareness initiative aims to close infosec workforce gap with free school curriculum

However, an accompanying surge in demand, in an increasingly digitally connected world beset by ever-more numerous and sophisticated cyber-attacks, offset much of the advance.

The cybersecurity workforce needs to grow 65% from present levels in order to adequately meet global needs, (ISC)² estimates.

For 60% of infosec pros surveyed by the nonprofit, cybersecurity staffing shortages were putting their organization at serious risk.

Unsurprisingly, growing demand for scarce infosec skills had an inflationary impact on pay packets, with the average global cybersecurity salary rising from $83,000 to $90,900 year on year.

Diversity initiatives

Asked which people-oriented initiatives organizations were prioritizing in order to attract fresh infosec talent, respondents most frequently cited additional training (36%), more flexible working conditions (33%), and diversity, equity, and inclusion initiatives (29%).

Cited by 40% of respondents (and mirroring the study’s 2020 edition), cloud security was again considered the top current priority for cybersecurity professionals’ skills development.

Most information security professionals (85%) continue to work remotely to some degree because of the ongoing pandemic, the latest study also revealed.


“The underlying issue isn’t just that demand is growing, it is that the jobs market consistently can’t attract enough people into cybersecurity careers to service demand,” Clar Rosso, CEO of (ISC)², tells The Daily Swig.

“It’s partly an education issue that the whole industry needs to rise to. We recently announced plans for an entry-level certification to build a more accessible career path for younger professionals and first-time cybersecurity workers, at the same time addressing the misconception that cybersecurity is a career only for those with highly technical training and experience.”

READ MORE (ISC)² hopes diversity drive will hasten glacial progress on plugging infosec workforce gap

Rosso adds: “Recognizing and addressing diversity, equity and inclusion will help employers to grow the talent pool immensely. Moreover, it will help to attract more and a far broader selection of people from a variety of backgrounds and social groups, making cybersecurity a profession that is more representative and one more people want to enter and remain in.”

Asked about the role of government in tackling the skills deficit, she commented: “Concerted, focused efforts to strengthen the cybersecurity workforce at all levels of government is necessary. The strong growth in the workforce estimate in Singapore, for example, may be attributed to that nation not only shoring up technology and capabilities, but also the workforce.

“Governments are also in an advantageous position of being able to recruit more broadly and build their ranks with entry and early-career practitioners – investing in their training and development, solidifying national cyber defences, and ultimately creating a larger, skilled and qualified workforce.”

The study’s findings were based on a survey of 4,753 cybersecurity and ICT professionals working for organizations of various sizes in 14 countries.

This article was updated on October 26 with additional comments from Clar Rosso of (ISC)²

RECOMMENDED ‘Find out what sparks joy’ – YouTube educator and security expert Katie Paxton-Fear on carving out a successful infosec career