It is feared that Europe may be facing a serious shortage of information security technicians as soon as 2022. This at a time when cyber attacks — especially from Russia — are on the rise and present an ongoing security threat. According to a recent report based on the 2017 Global Information Security Workforce Study, 40 percent of European companies plan to expand their cyber security operations by at least 15 percent over the next 12 months.
Over 19,000 individuals were surveyed in the making of the Workforce Study, with 3,700 being European. It appears that by 2022, Europe may be facing a shortage of up to 350,000 workers in the information and network security sector. The report recognizes that Europe is already plagued by labor scarcity in the field, with an unemployment rate of just 1 percent. The report calls on employers to ramp up training and do more to seek out and welcome new employees into the cyber workforce.
With 92 percent of hiring managers saying that they give priority to applicants with prior cyber security experience, while most employees are recruited from within the managers’ professional networks, it is feared that a closed loop is in place that cannot deal with the long-term demand for a more robust cyber workforce. Globally, a whopping 70 percent of companies are planning on increasing the number of workers in their cyber security divisions. But a shortage of skilled workers and a lack of investment in training — combined with aggressive recruitment targets — is creating a “seller’s market” that not only drives up wages, but also leaves many positions vacant.
A significant portion of the global cyber workforce, 21 percent, reports having changed jobs in the past year. Salary pressure is one factor why organizations are facing serious challenges in retaining staff, as over 33 percent of the workforce in Europe is now making in excess of $100,000 (€95,000/£78,000) annually.
One obvious weakness in the labor market is the scarcity of women in cyber security. The report highlights the lack of focus on women in recruitment campaigns and the ongoing gender pay gap as issues exacerbating the problem. Also cited is the continued emphasis on technical skills over more general skills that can then be refined with training, and the general recruitment bias against millennials.
This gap in demand and supply is happening as a number of cyber security issues continue to develop. Data exposure was the top concern of professionals around the world. The upcoming General Data Protection Regulation (GDPR), scheduled to go into effect in Europe on May 25, 2018, is also creating a bottleneck in the information security sector. Organizations found violating this new regulatory system face fines of up to €20 million or 4 percent of global turnover, whichever is greater.
The report emphasizes that recruiters need to leave their comfort zone and look for potential employees from a broader spectrum of applicants. It was advised that companies needed to focus on finding applicants who can, with training, do what is needed and not to be so dependent on prior qualifications.