Statistical Guide on Cybersecurity Skills Gap & How to Close it

Acodez IT Solutions
8 min readJun 3, 2020

There’s an ongoing discussion about the scarcity of skills within the cyber-security industry. The present cyber-security workforce is estimated to be 2.8 million and the number of vacancies is expected to rise to 4 million by 2021; this is according to Cyber-Security Ventures.

But sometimes this skill gap is regarded as a myth since companies are only unable to purchase the optimal market rates for cyber-security professionals.

Experts with vast skills are struggling to survive in this rather competitive environment as well.

Firsthand candidates wishing to enter the industry are facing hurdles, finding it difficult to do so. The candidates are not even knowledgeable of where they can start to apply their skills and are finding it hard to stand out without the prerequisite experience.

The paradox is that firms are also finding it incredibly difficult to offer these entry-level professional positions in their workforce.

The situation is being viewed as a shortage of skills. It’s acceptable that having a formal education cannot guarantee your entry into the cyber-security world.

The majority of cyber-attackers are innovative and self-taught. This case makes it harder for candidates to submit their CVs, and even more difficult for the hirer to assess them.

The only way that is perceived to be easy for prospective candidates and hirers is networking. Here, candidates learn relevant lessons about cyber-security.

Why the Skills Gap?

Several surveys have been conducted to examine the state of the cyber-security workforce and the shortage of skills in the industry.

The (ISC)2 — International Information Systems Security Certification Consortium, which is the body mandated with the provision of security training and certificates has been conducting a parallel survey about the skills gap in the cyber-security industry, and it has managed to estimate the present number of employed cyber-security professionals and the extra trained professionals required to fill the available vacancies.

The examinations involve a variety of security pundits worldwide with responsibilities ranging from the provision of network security, compliance, to the management of risks in a network architecture.

At first, these studies match with most companies reporting understaffing and lack of proper skills among the available IT and cyber-technology professionals. A proportion of the workforce has expressed dissatisfaction with their work-life balance, which is a major challenge that causes employed people to leave their occupations.

According to (ISC)2 there is nothing like a shortage of skills or unemployment — there are jobs that must be filled.

Security experts require no formal education to fit cyber-security job positions but a wide set of skills like the ability to learn modern technologies, the ability to communicate well, being innovative, and so on. Employed security pundits are earning a lot of money as well.

There are several reasons why there is a skills gap in the cyber-technology job market.

Firstly, the market is unable to withstand the available demand. There is an increasing rate of the number of cyber-crimes and this will prevail since cyber-attacks are very lucrative.

Secondly, there is a negative perception of the general public.

For instance, if you search today the word “cybersecurity” on Google, you will not miss “an image of a guy wearing a hoodie, on a computer somewhere in the dark,” but you won’t see someone rushing to rescue!

Lastly, whereas the industry is certainly in dire need of security pundits, there has never been a clear career path for them.

Cybersecurity Skills Gap Across the Globe

Research shows that in the United Kingdom, France, and Germany the present number of employed cybersecurity professionals is 289,000, 121,000, and 133,000 respectively.

The survey shows that the cyber-security skills gap across Europe, the Middle East, and Africa (EMEA) region alone has reached 291,000. From the study, it is clear that:

  • Approximately 65 percent of companies report a shortage of cyber-security professionals: 36 percent of these organizations cited insufficiency of skills/expertise among some of their staff members.
  • About 66 percent of the respondents showed satisfaction (37 percent) and dissatisfaction (29 percent) in their career; over 65 percent of these individuals are willing to work in this industry for their whole service time.
  • Approximately 30 percent of the cyber-security professionals are females and 23 percent of them own security-specific portfolios.
  • About 37 percent are under 35 years of age and 5 percent are classified as Generation Z which falls below the age of 25.
  • Approximately 48 percent of companies believe that their training budgets for cyber-security professionals are set to rise in the future.

The survey also probed the motivation of cyber-security workforce and came up with the following findings:

  • In North America, a cyber-security professional earns an average salary of $90,000; a cyber-security certification holder earns $93,000 whereas professionals without the certification pocket an average salary of $76,500.
  • Currently, about 59 percent of cyber-security professionals are undergoing modern security certifications or are planning to pursue it soon.
  • Only 42 percent of the interviewees indicated they began their professions in the cyber-security industry, implying the remaining 58 percent shifted to the industry from other professions.

The survey indicates that the majority of cyber-security professionals are greatly satisfied in their jobs and are confident about their futures.

Nevertheless, there is a massive shortage of cyber-security and IT professionals in the current global workforce to keep companies safe from cyber-attackers.

Cybersecurity Job Vacancies

Regardless of the number we keep discussing, the truth is that there is a tremendous deficit of cybersecurity professionals in the industry and the number is on the rise.

Some of the sampled facts about unfilled jobs include:

  • Cybersecurity Ventures reports that by 2021, the number of unfilled cybersecurity jobs will hit 3.5 million, and out of this, the Asia-Pac region and Europe will account for over 2 million and 400,000 vacancies respectively.
  • According to Cyber Seek, the number of employed cybersecurity professionals in the United States is about 715,000 and the country has a total of 314,000 vacancies.
  • Cybersecurity is not just the only industry experiencing a labor crunch, although it is regarded as one of the most hit industries among the Science, Technology, Engineering, and Mathematics (STEM) professions. In 2018, STEM industries across the United States experienced acute vacancies of over 4 million. Fortunately, by 2027, STEM jobs are expected to grow by 13% in comparison to 9% for other professions.

International Statistics

There is a common trend in international cyber-security arenas: skills and experience are highly preferred.

  • In 2017 and 2018, India was leading for its tremendous cyber-security job vacancies followed by European countries such as Sweden, the Republic of Ireland, the United Kingdom, and Italy. A study by NASSCOM reveals that India, the second-most populous country in the world currently requires over 1 million cyber-security pundits to meet her economic demands.
  • Findings by the EY Survey show that the shortage of cyber-security skills across European countries is declining the growth of companies and ultimately damaging the economy of the entire region. Cyber-security skills that stand at 48% of all digital skills have been identified as a significant hurdle to the continent’s economy.
  • There is a high rate of cyber-security skills gap increase rate in the Republic of Ireland. The country is experiencing a high growth rate of demands, particularly in cyber-security roles. It’s been reported that Ireland is unable to sustain the 18% demand increase.
  • The United Kingdom is facing a vast cyber-security job crisis. This is according to a parliamentary inquiry conducted recently. The survey showed that even the National Cyber Security Centre (NCSC), which is the government institution authorized to offer cybersecurity support to the government is lacking the expertise it requires.
  • Ironically, Israel which is regarded as the second-largest exporter of cyber-technology in the world and among the top ten largest cyber-security hubs, in 2019, was facing a shortage of cyber-security jobs, is a significant problem the industry is experiencing at present. The shortage has caused local salaries for cyber-technology jobs to rise, compelling organizations to outsource workers from foreign countries.
  • South Africa’s largest financial institution, the ABSA group has partnered with Maharishi Institution in a bid to establish a cyber-security training academy. This program shows that the cybersecurity industry in the region is at stake and people require empowerment.
  • Nigeria, the most populous country in Africa is facing an acute shortage of cybersecurity professionals. In 2018, only 1,800 workers owned cyber-security certification in the country. Consequently, Microsoft demanded the country to create a safer online community.
  • A survey conducted by a Deloitte firm showed a shortage of skills across Canada. Significant roles are left unoccupied and it is anticipated firms in the country will require close to 8000 extra cyber-security experts by 2021.
  • Cisco Networking Academy is assisting to empower cybersecurity personnel in marginalized countries. For instance, Cisco has collaborated with 1550 institutions and 3,800 trainers to train cyber-security professionals in Latin America. In 2018, the partnership saw over 1.6 million graduands complete the course.

Closing the skills gap in cyber-technology is not going to happen any time soon.

The pipeline must begin when the very first-time freshmen from the college declare their interests to major in this career. Coding should be learned like chemistry and biology. Education systems all over the world must look into ways of bringing a cyber-security skillful generation.

At workplaces, companies should revisit their internal processes. They need to remember that cyber-security is not a profession that fits well with the conventional job qualifications listed in the checklist.

There is room to be innovative, be easy to learn new technologies, the ability to communicate, and so on. But most importantly, we must come up with strategies that leave everyone thinking about cyber-security; approaches that shun the old narrative of there being a skills gap in the cyber-security industry.

Originally published at on June 3, 2020.



Acodez IT Solutions

Acodez is one of the leading digital marketing agency in India. We are also a renowned web design and web development company. Visit: