Four million professionals are urgently needed to plug the talent gap in the global cybersecurity industry
The global cybersecurity workforce grew by 12.6% between 2022 and 2023 – a significant year-on-year climb for any industry.
A significant talent gap remains, however, with the World Economic Forum (WEF) estimating, in May 2024, that four million workers in the cybersecurity industry were needed worldwide.
… growth in the global cybersecurity workforce between 2022 and 2023
… increase in the number of data compromises over the previous high in 2022
The key issue driving demand for cybersecurity professionals are an exponential rise in the number of cyber-attacks that organisations are experiencing.
Security consultancy firm SecurityScorecard reported that, in 2023, the landscape of global data breaches significantly intensified from previous years, including a 72% increase in the number of data compromises over the previous high in 2022.
It also reported that “the landscape of cyber threats will include more sophisticated AI techniques, such as phishing campaigns and deepfakes.
Of additional note, “new regulations require and will galvanize more cybersecurity expertise in the boardroom plus strategic risk management and third-party risk assessment to enhance cyber resilience”.
WEF further reported that, by early 2024 in the UK, 43% of small and medium-sized enterprises (SMEs) had not been able to hire cybersecurity support. And from a U.S. perspective, there were more than half a million open vacancies for cybersecurity professionals.
From a UK workforce perspective, the cybersecurity pool on assignment increased from 45,100 to 65,200 over the same period - a notable 44.6% (20,100) increase between calendar year 2022 and 2023. Moreover, between the year to June 2023 and the year to June 2024, numbers further increased by 44.1% (23,000) to 75,100.
UK cybersecurity workforce
Source: Matchtech analysis of ONS data
Almost one in five (18.4%) cybersecurity professionals in the UK are women.
Moreover, the number of females increased by 59% between the year to June 2023 (an average of 8,700 across the year) and the year to June 2024 (an average of 13,800).
…cybersecurity professionals in the UK are women
… increase in females between June 2023 and June 2024
…cybersecurity professionals in the UK are permanently employed
And as cybersecurity professionals are such a valuable resource – and one in such high demand – it is unsurprising that, from an engagement status perspective, most (94.9%) are secured on a permanent basis. As such, very few cybersecurity professionals are available in the UK market for hire on a contingent basis.
Source: Matchtech analysis of ONS data
Interestingly, almost 70% of cybersecurity professionals are resident in just four regions, with the South-East holding 21.2%, the North West 20.5%, East of England 13.7% and London 13.3%. And the two-year figures growth in numbers in these key regions – and the South West, where numbers rose from 1,200 to 6,700 – are significant. Conversely, numbers have notably declined in the West Midlands (from 4,400 to 2,600).
Source: Matchtech analysis of ONS data
With no sign of any let up in demand for cybersecurity professionals in the UK - and with horizon potential of a new year surge in hiring as new budgets are released – UK PLC’s demand for cybersecurity professionals is set to further intensify bringing several significant considerations into play:
Employers will fight hard to retain the cybersecurity professionals they already have:
Having already secured 95% of cybersecurity professionals as permanent employees, they will both seek to preserve that relationship and/or likely counteroffer another suitor.
Contract resource is scarce:
With just an average of 3,800 cybersecurity professionals working on a contingent basis across the year to June 2024, they will have no shortage of opportunities with hirers bidding to secure their skills.
All industry actors – labelled Adopters and Enablers by WEF - must participate in increasing the talent pipeline of cybersecurity professionals.
Source: WEF, Strategic Cybersecurity Talent Framework
And our collective actions must include:
- Outreach activity into schools, colleges and universities to raise awareness to the opportunities that are available for career entrants.
- Upskilling and reskilling programmes to redirect workers away from roles where demand is diminishing into this apparent area of insatiable need.
Source: WEF, Strategic Cybersecurity Talent Framework
Key takeaways and recommendations:
The UK Cybersecurity workforce has been growing at an exponential rate in recent years - increasing by 44% in just the last year alone (to June 2024).
Such hypergrowth drives similarly extraordinary behaviours across both the demand and supply side - including employers fighting hard to secure the resource that they already have and those that need skills bidding for the available talent.
All industry actors have a role to play in ensuring that there is an evolving array of strategic initiatives in play - spanning attraction, training and retraining - to bolster the talent pipeline for this seeming insatiable area of skills.