Cybersecurity Jobs Report Vs Survey

Why industry forecasts are underestimating the cybersecurity workforce shortage…

Steve Morgan, Editor-in-Chief

Menlo Park, Calif. – Jun. 8, 2017

For the past several years, Cybersecurity Ventures has been reviewing and synthesizing dozens of employment figures from the media, analysts, job boards, vendors, governments, and organizations globally, towards predicting the number of cybersecurity job openings over the next 5 years.

Our annual Cybersecurity Jobs Report, 2017 confidently predicts that there will be 3.5 million cybersecurity job openings by 2021. The report notes that cybersecurity jobs forecasts have been unable to keep pace with the dramatic rise in cybercrime, which is expected to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

We believe there is a direct correlation between cybersecurity market growth, which is driven by cybercrime, and the number of unfilled cybersecurity positions at a given point in time.

A new online survey from (ISC)2 states that the cybersecurity workforce gap is on pace to hit 1.8 million by 2022 — a minimal year-over-year increase in cybersecurity job openings over nearly a decade from 2013 to 2022 (Cisco’s 2014 estimate of 1 million cybersecurity job openings globally was based on data from 2013).

(* NOTE: ISC(2) uses the terms “cybersecurity” and “information security” interchangeably — referring to job openings by one term or the other in their press release, report and other materials. Cybersecurity Ventures separates the terms and views cybersecurity and information security — a.k.a. IT security — with different meanings, albeit some overlap between the two.)

The (ISC)2 survey — which underestimates the number of cybersecurity job openings compared to Cybersecurity Ventures’ estimate of 3.5 million openings by 2021 — appears to focus on “information security” jobs, and not actually “cybersecurity” jobs, which helps explain their substantially smaller figures.

For our jobs report, we looked at a myriad of research from others who cover cybersecurity employment – given the seriousness of the topic. We understand that the media will feature and cite our research, and it will be read by hundreds-of-thousands or even millions of people. Our research can influence all sorts of decisions made by investors, security buyers, educators, governments, and organizations of all types.

In addition to looking at research, our top team members speak directly to cybersecurity experts, CISOs, IT security leaders, analysts, researchers, HR executives, search firm owners, and recruiters. We ask questions, listen carefully to answers, and follow up in order to glean the most accurate feedback. Cybersecurity Ventures does not conduct or rely upon surveys for our jobs research, although we do review third party surveys.

On the surface, it appears that the 3.5 million job openings figures from the Cybersecurity Ventures report and the 1.8 million job openings figures from the ISC(2) survey are opposed to each other.

Similarly, it appears that the ISC(2) survey numbers are opposed to numbers from a recent cybersecurity skills gap analysis from ISACA — a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance — which estimated a global shortage of 2 million cybersecurity professionals by 2019, according to the UK House of Lords Digital Skills Committee.

We do not view the (ISC)2 survey as being opposed to our report. Rather, our perspective is that the survey contains numbers which are a subset of those contained in our report, the survey validates our prediction, and it offers extremely valuable data points for the corporate IT security community.

The Cybersecurity Ventures report covers “cybersecurity” jobs, which is a superset of information security (a.k.a. IT security) jobs. The nomenclature difference is important. We include information security PLUS cyberwarfare (in governments, and commercial sector), IoT (Internet of Things) and IIoT (Industrial Internet of Things) security, embedded security, mobile security, automotive cybersecurity, aviation cybersecurity, maritime cybersecurity, medical device security, and others — essentially all workers involved with digital security.

Furthermore, our report covers cybersecurity job openings outside of the corporate arena – and include technology vendors, cybersecurity vendors, MSSPs (managed security services providers), channel companies (VARs, systems integrators, solutions providers, etc.), embedded systems and software development firms, and all organizations who conceivably employ – or are likely to employ – cybersecurity professionals. Across all of these categories, we cover startups (including a historic and growing number of VC funded cybersecurity firms) and small businesses — many of whom don’t have ‘hiring managers’, but will collectively employ a great number of cybersecurity professionals over the next five years and beyond.

Finally, the convergence of physical security and cybersecurity is rapidly expanding and our report takes the cyber related positions and job openings in this field into consideration.

Cybersecurity Ventures applauds all well done research — including the ISC(2) information security jobs survey. Our report contained a data point from the ISC(2) survey — one of many data points from multiple sources which helps provide our readers with the big picture around global cybersecurity job openings.

To summarize, Cybersecurity Ventures predicts:

Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015;

Global cybersecurity spending — which is driven by cybercrime — will exceed $1 trillion cumulatively over the next 5 years, from 2017 to 2021;

There will be 3.5 million cybersecurity job openings by 2021, up from previous estimates of 1 million in 2013/2014.

We encourage the media, authors, industry experts, vendors, solution providers, associations, schools, governments, bloggers, and other publishers, to confidently share the data points and predictions in our annual Cybersecurity Jobs Report, 2017.

In closing, Cybersecurity Ventures would like to thank ISC(2) for their contributions as an international nonprofit membership association focused on inspiring a safe and secure cyber world. We have tremendous respect for ISC(2)’s place in the industry.

– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.