The cybersecurity industry is short 3.4 million workers—that’s good news for cyber wages

BY Sydney LakeOctober 20, 2022, 1:01 PM
Attendees take part in a computer security competition called the “Breizh CTF” event in Rennes, western France, as seen in April 2022. (Photo by Damien MEYER—AFP/Getty Images)

The cybersecurity workforce has reached an all-time high, with an estimated 4.7 million professionals, but there’s still a global shortage of 3.4 million workers in this field, according to the 2022 (ISC)2 Cybersecurity Workforce Study released Thursday. And that shortage persists, despite the addition of 464,000 more cybersecurity positions this year, the report found. In the U.S. alone, there are more than 700,000 unfilled cybersecurity jobs, data from Cybersecurity Ventures shows. 

As the need for cybersecurity talent grows, wages and other benefits should follow. Currently, the median salary for cybersecurity professionals in the U.S. is $135,000, according to (ISC)2. The study also shows that 27% of cybersecurity professionals enter the industry for the potential of high salaries and strong compensation packages. 

“Cybersecurity salaries appear to be driven by several factors, including years of experience, sector employed, certifications attained and even geographic location like large concentrations of professionals in areas with high costs of living like Washington D.C. Scarcity of talent is most likely a driver as well,” Clar Rosso, CEO of (ISC)2, tells Fortune. “The good news for new people entering the field is that salaries remain strong.”

In addition to the growing talent gap, there’s another dynamic at playin cybersecurity: The number of cybersecurity attacks companies are facing each year is growing. Between 2020 and 2021, the average number of cybersecurity attacks per year rose 31%, to 270 attacks, according to Accenture’s State of Cybersecurity Report 2021. Companies, on average, fell victim to 29 attacks last year. Cyber attacks have also been more prevalent recently in a year of “geo-political and macroeconomic turbulence,” according to the (ISC)2 study. One of the major events was the Russian cyberattacks on the Ukrainian government at the beginning of the war.

“The modern cybersecurity landscape have galvanized passion and persistence within its workforce—which continues to change and evolve with the world around it,” reads the (ISC)2 study. “The global cybersecurity workforce is growing, but so is the gap in professionals needed to carry out its critical mission.”

Cybersecurity wages and other benefits

Cybersecurity workers know they’re in high demand. Nearly 70% of these workers feel as if their organization doesn’t have enough cybersecurity staff to be effective, the (ISC)2 study shows, and more than half of the employees at organizations with workforce shortages see their company as being at moderate or extreme risk of a cyberattack.

Attracting and retaining top cybersecurity talent requires collaboration among departments, Rosso says. Frequent communication between cybersecurity managers and human resources can help when it comes to figuring out what works and what doesn’t when trying to recruit cybersecurity workers. 

“Collaboration between HR and cybersecurity hiring managers is key to attracting and retaining talent,” Rosso says. “HR professionals should have regular check-ins with cybersecurity hiring managers to discuss and co-develop job descriptions to ensure they are realistic, achievable and can attract the right talent rather than be an obstacle.”

Part of attracting and retaining top cybersecurity is finding the right amount to pay people. Reports from industry leaders show that cybersecurity wages continue to grow year-over-year. Between 2020 and 2021, some cybersecurity salaries jumped by more than 16%, to well over the six-figure mark, according to a 2021 report from Dice, a tech recruiting platform.

Another key benefit for cybersecurity workers is access to continuing education and certifications. In fact, more than 60% of cybersecurity workers seek new certifications for skills growth and stay current with security trends, the (ISC)2 study shows. 

“Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective,” Rosso says. “Team members of different ages and experience levels need different levels of support from their organizations. Success here means investing in education, professional development, mentorships, flexible work arrangements, and career pathing.”

A good starting place for organizations looking to jumpstart their cybersecurity education efforts is to encourage employees to pursue new certifications and trainings, Rosso adds. 

“In addition to helping encourage employees to invest in educational resources, organizations should recognize these achievements as it helps to keep people engaged for the long term,” he adds.

See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science (in-person and online), nursing, computer science, cybersecurity, psychology, public health, and business analytics, as well as doctorate in education programs and MBA programs (part-time, executive, full-time, and online).