By 2022, the number of unfilled cyber security roles is expected to surpass the 1.5 million mark. In a recent survey by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), 45% of respondents stated that the cyber security talent shortage has become increasingly apparent in recent years.

Seventy percent of survey respondents stated that their organization has struggled to contend with the shortage.

Where exactly are the skills shortages?

  • 33% of respondents said application security
  • 31% said cloud security
  • 29% said security analysis and investigations
  • 26% said security engineering

Organizations that are short staffed may be more likely to suffer a data breach than other organizations. When staff on hand are continuously engaged with incident response tasks, they’re unable to contribute to the development of an overall cyber security strategy, which could hurt a given business.

In organizations that are short on cyber security staff, existing cyber security employees are often taking on daunting workloads. The job stress has reportedly led to depression, alcoholism and drug addiction among some cyber security professionals. Twenty-nine percent of survey respondents noted that a colleague, another connection, or they themselves have experienced personal issues due to high levels of job-related stress.

A clear cyber security career path:

Among survey respondents, less than one-third believe that they have a clear cyber security career path ahead of them. Organizations don’t necessarily take the time to train existing employees so that they’re ready for the next level. As a result, cyber security professionals often gain skills by moving from one job to the next. Might they also be exiting the industry on account of insufficient career opportunities?

Taking the time to offer cyber security skills development opportunities is one of the best ways to avoid turnover, and to increase knowledge.

“From [an] industry perspective, it is critical for the profession to work together to define a globally accepted professional career map,” says president of the ISSA, Candy Alexander. It’s necessary to hammer out the details of what a cyber security profession looks like, and “…what KSAs for each level are needed to be successful.”

For more on the cyber security talent shortage, visit Dark Reading.