• United States



Cybersecurity job market to suffer severe workforce shortage

Jun 22, 20173 mins

10 facts, figures and statistics summarize the cybersecurity labor market

team teamwork global workforce
Credit: Thinkstock

The global cybercrime epidemic – predicted to cost the world $6 trillion annually by 2021 – is creating an unprecedented shortage of cybersecurity workers.

These 10 facts, figures, statistics, and observations sum up the employment crisis – and offer a few ideas and programs that may help solve the problem:

  • The 2014 Cisco Annual Security Report ventured what became a widely popular cybersecurity jobs forecast over the past three years, originally stating “It’s estimated that by 2014, the industry will still be short more than a million security professionals across the globe.”
  • Cybersecurity Ventures predicts there will be 3.5 million unfilled cybersecurity positions globally by 2021. Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people. If that is true, then the cybersecurity workforce shortage is even greater than what the numbers suggest.
  • The cybersecurity unemployment rate was zero percent in 2016, and it’s expected to remain there from 2017 to 2021. “The field of cyber security is the least populated of any field of technology,” according to John McAfee. “There are two job openings for every qualified candidate.”
  • In 2017 the U.S. employs nearly 780,000 people in cybersecurity positions, with approximately 350,000 current cybersecurity openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.
  • The current number of U.S. cybersecurity job openings is up from 209,000 in 2015. At that time, job postings were already up 74 percent over the previous five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics.
  • The National Association of Software and Services Companies (NASSCOM) recently estimated that India alone will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy. Despite having the largest information technology talent pool in the world, India is highly unlikely to produce an adequate number of professionals to close the cybersecurity skills gap.
  • The Palo Alto Research Center and Symantec have both projected the demand for cybersecurity talent would rise to 6 million jobs (total jobs, filled and unfilled) globally by 2019.
  • Right now, about 65 percent of large U.S. companies have a CISO (Chief Information Security Officer) position, up from 50 percent in 2016, according to ISACA, an independent, nonprofit, global association. Cybersecurity Ventures predicts that 100 percent of large companies globally will have a CISO position by 2021. The cybercrime and related workforce shortage is severe – and organizations need security leadership with a solid or dotted line to the CEO in order to remedy the problem.
  • The cybersecurity industry has a gender problem. Women hold only 11 percent of cybersecurity positions globally. Yet, they hold 25 percent of tech jobs, and they make up 50 percent of the population. Palo Alto Networks has identified the Girl Scouts of USA, with 1.8 million girls, as a potential source of future women in cyber. A new program will enable K-12 Girls Scouts to earn a series of 18 cybersecurity badges.
  • Two out of three high schoolers say the idea of a career in cybersecurity had never been mentioned to them by a teacher, guidance or career counselor, according to Raytheon. IBM is sponsoring alternative education models such as Hacker Highschool and Pathways in Technology Early College High School (P-TECH), while defining new workforce approaches to reach a broader pipeline of employees based on skills, experience and aptitudes as opposed to traditional hiring models which focus on degrees alone.

Stay tuned to the Cybersecurity Business Report for continued coverage on the cybersecurity labor crisis.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.