Infosec 2017: Europe Needs 350,000 More Cybersecurity Professionals As Skills Gap Grows

skills gap

Europe faces a shortage of 350,000 IT security staff by 2022 – yet companies continue to focus on hiring workers with existing experience

Europe is expected to have a digital security skills gap of 350,000 by 2022, according to a new study, which urged firms to respond by broadening their hiring practices and investing in training.

Two-thirds (66 percent) of the European security professionals surveyed said there were too few staff available in their field, a proportion in line with the worldwide figure, which rose from 62 percent worldwide in 2015.

Ambitious hiring plans

As a result, Frost & Sullivan, which conducted the study, said it expects a worldwide shortage of 1.8 million staff by 2022. In the previous edition of the report two years ago, the firm predicted a 1.5 million staff shortage by 2020.

The Global Information Security Workforce Study (GISWS), commissioned by the Centre for Cyber Safety and Education and (ISC)2, was carried out from 22 June to 11 September, 2016, and surveyed 19,641 IT security professionals from 170 countries, including nearly 3,700 respondents in Europe.

Cloud SecurityIt found companies are increasingly concerned about a range of threats, with data breaches topping the list worldwide and ransomware seen as the the top threat in Europe, where 28 percent said they were concerned about it.

As a result 70 percent of hiring managers worldwide said they are looking to increase their IT security workforce this year.

Much of that hiring is concentrated in Europe, where 38 of companies said they want to expand their security staff by at least 15 percent this year, while 27 percent intend to expand it by 20 percent or more.

The most sought-after positions worldwide were operations and security management, with 62 percent saying there was a shortage of people for the position, followed by incident and threat management and forensics at 58 percent.

What is your biggest cybersecurity concern?

  • Ransomware (28%)
  • Humans / Social Engineering (27%)
  • State sponsored hackers (14%)
  • Malware (14%)
  • Other (7%)
  • Out of date tools (6%)
  • DDoS (4%)

Loading ... Loading ...

Narrow hiring practices

In Europe, 48 of respondents said the skills shortage was due to a lack of qualified talent, but the study found that managers are concentrated on hiring through conventional channels – such as their own professional networks and human resources departments – and prioritised existing experience in the field.

Moreover, nearly 90 percent of the global workforce is male, with the majority having a computer science or engineering background, the study found.

The findings suggested firms could begin to address the shortage by broadening their hiring practices.

“It is highly unlikely that a manager’s professional circle includes many individuals from diverse backgrounds, or many women and young people with the potential to move into the profession,” Frost & Sullivan said in the study. “Clearly, new recruitment practices are needed, particularly ones that move away from prioritising existing experience in the field.”

The study found that many security staff start off with a non-IT background, with a sizeable proportion of them rising to prominent positions.

security and privacyIn Europe, non-technical staff comprised 24 percent of those with a non-security background, coming from areas including business, marketing, finance, accounting or the military.

Diversifying the talent pool

“This illustrates the value of expanding horizons beyond traditional technical recruitment channels,” Frost & Sullivan wrote.

The study also urged companies to better communicate their requirements to the workforce, finding that those priorities aren’t in line with the ones workers consider important.

Hiring managers said their top two requirements were communication skills, at two-thirds, and analytical skills, at 59 percent, while those two were amongst the lowest valued by workers for career success.

Staff instead placed the most emphasis on technical skills, the top two being cloud computing and security, at 60 percent, and governance, risk management and compliance skills, at 40 percent.

The study found that low unemployment rates (2 percent worldwide and 1 percent in Europe) combined with high turnover meant companies were unwilling to invest in training, further deepening the skills shortage.

“There are real structural concerns hampering the development of the job market today that must be addressed,” said Adrian Davis, (ISC)2’s managing director for Europe, the Middle East and Africa.

“It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less-experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society.”

How well do you know the cloud? Try our quiz!