Despite a 52.4% year-over-year increase in the number of cybersecurity professionals in the Asia Pacific to reach a little over 859,000, a latest study by the (ISC)2 showed the region needs to add 2.2 million people to this talent pool to close the workforce gap.
(ISC)² is a global association of certified cybersecurity professionals with membership numbering over 235,000.
According to 60% of APAC respondents of the global study, their organisations are having a significant shortage of cybersecurity staff; and, more than half of respondents (56%) with workforce shortages feel that staff deficits put their organisation at a "moderate" or "extreme" risk of a cyberattack.
For organisations looking to mitigate staff shortages, the research suggests that initiatives to train internal talent, rotating job assignments, mentorship programmes and encouraging employees outside of IT or the security team to join the field were the most effective.
At the same time, the report finds that 71% of APAC respondents expect their cybersecurity staff to increase somewhat or significantly within the next 12 months. This is close to the global average of 72%, which is the highest predicted growth rate compared to the last two years (53% in 2021 and 41% in 2020).
“Geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, have resulted in a greater focus on cybersecurity and the need for more professionals within the field,” said Clar Rosso, CEO, (ISC)².
“The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment, and mentorship are paramount to keeping teams motivated, engaged and effective,” she added.
The 2022 (ISC)² Cybersecurity Workforce Study is based on online survey data collected in collaboration with Forrester Research, Inc. in May and June 2022 from 11,779 individuals responsible for cybersecurity at workplaces throughout North America, Latin America, the Asia-Pacific region and Europe, Africa & the Middle East.
The study takes a closer look at cultural and demographic shifts over the last year. In addition to an analysis of the changing workforce, the study also highlights the top issues with retention, concerning workplace conditions such as burnout, the shift of racial, gender and ethnic diversity among younger cybersecurity professionals, the changing perception of certifications in the field, as well as the impacts from current events and future predictions of the cybersecurity workforce.
Other major findings of the study include:
Corporate Culture
- 75% of global respondents report strong job satisfaction and the same percentage feel passionate about cybersecurity work, yet 70% of global respondents still feel overworked
- While two-thirds of Singapore respondents (66%) agree that an increase in remote work has drastically changed how their organisation approaches cybersecurity, nearly half (46%) would consider switching jobs if they are no longer allowed to work remotely
- 67% of Singapore respondents are investing in training to help prevent or mitigate cybersecurity staff shortages at their organisation
- 63% of Singapore respondents agree cybersecurity hiring managers and HR collaborate well on developing roles and job descriptions for security staff at their organisation
- Of those that responded there was a shortage of cybersecurity staff, 67% of Singapore respondents say the biggest cause of this shortage is that their organisation can’t find enough qualified talent
Diversity, Equity and Inclusion
- 55% of global employees believe diversity will increase among their teams within two years
- Nearly 25% of global respondents below age 30 consider gatekeeping and generational tensions as top-five challenges for the next two years, compared to 6% of workers 60 or older
- 47% of APAC respondents state that their organisation is investing in diversity, equity, and inclusion initiatives (e.g., attracting more women and minorities to enter the cybersecurity profession)
Changing Perceptions and Current Events
- 64% of global respondents seek new certifications for skills growth and stay current with security trends
- 25% of APAC employees (Singapore: 30%) state that their organisation would increase their security budget as the result of a breach. However, only 18% (Singapore: 22%) state that their organisation would hire additional IT staff
- 50% of APAC cybersecurity professionals are concerned about the skills shortage in the cybersecurity sector but this is considered a lesser risk compared to other regions
- 26% of APAC organisations have been more focused on business continuity and resiliency due to impacts from the Russia-Ukraine war but this is low compared to other regions