The Cybersecurity Skills Gap Is Widening: The Reasons Why May Surprise You

cybersecurity skills portnox

We live in a world where cybercriminals can penetrate an alarming 93% of company networks. In fact, this trend looks set to continue as we move further into 2022 and beyond.  

Simply put, the cyber threat landscape is becoming increasingly dangerous for organizations and individuals today. For example, cybercriminals are becoming more sophisticated in their methods, shadow IT is widening the corporate attack surface, and network administration errors and misconfigurations are common. At the same time, Crime-as-a-Service (CaaS), where experienced cybercriminals sell access to tools and knowledge needed to execute an attack, is skyrocketing in popularity. The result? More hackers and more successful cyber-attacks.  

We need to strengthen our cybersecurity arsenal if we want to turn this situation around and effectively safeguard corporate systems. And that starts with people – the cybersecurity professionals who find unique solutions to keeping bad actors out. But unfortunately, the widening cybersecurity skills gap is making this extremely difficult. With this in mind, let’s look at the current state of the cybersecurity skills gap and what’s driving it.  

The Current State of the Cybersecurity Skills Gap

According to Fortinet’s 2022 Cybersecurity Skills Gap Report, the cybersecurity skills gap contributed to a whopping 80% of data breaches last year. And these breaches had dire consequences, with 64% of organizations saying they lost revenue or faced fines and 38% reporting that breaches cost them more than a million dollars.  

Companies need skilled cybersecurity professionals now more than ever, but finding and keeping this talent is becoming increasingly difficult. For example, the same report found that 60% of organizations struggle to recruit cybersecurity talent and 52% struggle to retain qualified people, despite 76% of organizations indicating their board of directors now recommends increasing cybersecurity headcount.  

In simple words, organizations urgently need to close the cybersecurity skills gap to tighten their network security and keep pace with nefarious actors, but the gap continues to widen. For example, according to another report, the global cybersecurity workforce will need to grow by 65% to defend organizations’ critical assets effectively.   

At the same time, we continue to make immense strides in technological innovation across industries. Technologies that once seemed like science fiction, such as artificial intelligence (AI), machine learning, and Internet of Things (IoT) devices, are now becoming commonplace. But while these technologies undoubtedly add enormous value, we’re not hiring and training the talent to ensure their security.  

 Perhaps the most puzzling aspect of this situation is why precisely the cybersecurity industry is struggling to attract and retain talent. On paper, cybersecurity appears to be an attractive job prospect for fledgling tech enthusiasts or even IT workers who might want to transition roles into areas like network engineering, cyber intelligence, or security analysis.  

The appeal for people entering the field should be strong job security, a wide variety of opportunities, the ability to make a real impact, and decent pay (the average salary for a cybersecurity engineer in the US is $101,5481). And IT workers looking to transition into the role get much the same benefits but with a lower barrier to entry. For example, a coder is unlikely to struggle to wrap their heads around firewall types, network access control, and authentication security protocols like 802.1X.  

 And yet people aren’t jumping at the chance to work in cybersecurity. Moreover, nearly one-third of the cybersecurity workforce plans to leave the field in the near future. But why?  

Factors Driving the Cybersecurity Skills Gap

Various factors are at play in why the cybersecurity industry faces talent shortages and a widening skills gap. So, let’s get into them.  

An Increasingly Demanding Skill Set and Entry Requirements

Due to the severity of today’s cyber threat landscape, cybersecurity professionals need a massive range of skills, and the list is growing yearly. Organizations increasingly want workers to have strong computer science, network engineering, and other technical skills in addition to computer forensics skills, problem-solving skills, and more.  

And more often than not, one of the key prerequisites to enter the field is a formal degree and an advanced professional certification like CISSP (Certified Information Systems Security Professional). 

But despite these requirements, getting cybersecurity skills while still in education is often challenging. For example, only 43% of the US’s top 50 computer science programs include security courses for undergraduates. In other words, we might be failing to attract budding IT professionals into cybersecurity before they choose their career paths. And when this next generation of IT workers opts for a different discipline, they find themselves without the needed certifications to transition into cybersecurity.  

Cybersecurity is Too Stressful

Sadly, stress is an industry epidemic in cybersecurity. Defending against advanced threats daily or even hourly can take a toll on mental health, which is reflected in the statistics. For example, according to Deep Instinct’s Voice of SecOps Report, 45% of C-suite and senior cybersecurity professionals have considered quitting the industry due to stress. And another study from the UK found that 42% of security leaders say they would be unlikely to recommend a job in cybersecurity due to the stress of the job.  

A Thankless Job

Cybersecurity teams typically attract the most attention when something goes wrong (a successful breach). But, when they successfully defend the network, there’s silence. As a result, morale is often low in cybersecurity teams. If you’re going to be stressed, you should at least have your successes championed, right? Unfortunately, too many companies are failing to do this right now.  

Attitudes Toward Cybersecurity

Most companies recognize that network security and cybersecurity are essential in the modern world, but that doesn’t mean they have positive feelings toward them. Many high-ranking employees believe that cybersecurity stifles innovation or that cybersecurity teams are too heavy-handed regarding network access control. They don’t see all the attacks that cybersecurity teams prevent, so they assume the team is needlessly restricting their access to files and apps to exert power.   

Choosing a career in cybersecurity can seem unappealing if you’re anticipating being undervalued by your employer.  

Where Do We Go From Here?

Unfortunately, it’s never been easier to become a black hat hacker. Advanced hacking tools are easy to come by, and knowledge sharing for things like phishing attacks, whaling attacks, and corporate account takeovers is rife. But the barrier to entry for the other side – the good guys who want to protect corporate networks is far higher. So companies that want to strengthen their network security need to take steps to overcome the cybersecurity skills gap and deploy advanced tools to help bridge the gap.  


Try Portnox Cloud for Free Today

Gain access to all of Portnox's powerful zero trust access control free capabilities for 30 days!