Exclusive contribution for The Executive Magazine by Felicia A. Omoediale-Samuel MSc CRISC, a Professional Doctorate Researcher, Cybersecurity & AI GRC Professional, and Non-Executive Director, working at Anglia Ruskin University and Sycom Integrated Solutions
The persistent shortage of cybersecurity workforce remains one of the known challenges facing the technology industry. The increased dependencies on technology for business processes and the complexity of dealing with cyber threats has led to the dire need of cybersecurity professionals. Unfortunately, the demand far exceeds the availability of skilled talents.
A study conducted ISC’s in 2024, revealed a 19% increase in the global cybersecurity workforce gap from 2023 to 2024, with an estimated 4.76 million vacant positions needed to adequately protect organisations. There are predictions that the workforce gaps may reach historic levels in 2025. The lingering question is: What continues to drive such a pronounced shortage?
Causes of the Cybersecurity Skills Shortage
The global cybersecurity talent shortage is not just a headline; it is a reality shaped by several compounding factors. Digitalisation is a major element, as organisations’ digital footprints grow, increasing cyber-attack frequency, persistence, and sophistication. As digital ecosystems evolve in complexity, the need for robust cybersecurity measures becomes ever more critical to safeguard sensitive data and infrastructure.
Another major challenge is the high expectations placed on job seekers. Many organisations seek highly experienced cybersecurity professionals with multiple certifications, years of experience, and broad tool familiarity. These stringent requirements often exclude emerging talent and career changers, narrowing the talent pool and worsening the cybersecurity skills gap.
Funding remains a key challenge. Organisations often prioritise core services, leaving cybersecurity initiatives underfunded. Hiring freezes, limited training budgets, and lean staffing are common, leaving security teams overstretched and hindering talent development. These challenges significantly obstruct the growth of skilled talent at a time when sustained investment in cybersecurity is essential.
The Solution: A Shared Responsibility
For years, the focus has been on what organisations must do to bridge the cybersecurity talent gap, but it has become more apparent that this situation is an industry-wide issue that requires collaboration between employers and aspiring professionals.
From an organisational perspective, businesses should invest in internal talent by supporting transitions from related fields such as IT, software development, and risk management. Creating structured learning pathways like apprenticeships, internships, and mentorships offers practical experience that builds capability. Additionally, partnering with academic institutions and boot camps ensures that training is aligned with evolving industry demands, helping to develop a workforce equipped for current and future cybersecurity challenges.
While companies play a key role, job seekers must also take initiative. Cybersecurity values various professionals, not just IT ones. Aspiring candidates should prioritise industry relevant certifications provided by organisations such as ISC2, ISACA and Cloud Security Alliance. They can also seek hands-on learning through platforms like TryHackMe and CTFs and attend industry networking events and conferences. Success in the area requires staying up to date with the evolving trends.
Bridging the cybersecurity skills gap requires a collective effort. Organisations must step up their talent development strategies, and aspiring professionals must take intentional steps toward growth. The cybersecurity industry is not just for those with years of experience; it is open to anyone with the right mindset, skills, and passion to protect the digital world.
The gap is wide, but the bridge is being built, the goal it to be ready to cross it.
