A hiring shortfall due to an insufficient pool of suitable candidates is affecting the global cyber security industry according to a survey by (ISC)2 and Frost & Sullivan.
The information security workforce study surveyed 14,000 respondents globally. Sixty two per cent of respondents said their organisation had too few information security professionals. This compared to 56 per cent in the 2013 survey.
The reasons for the hiring shortfall were less about money as more organisations were making the budgets available to hire more staff. An insufficient pool of candidates was causing the shortfall, said respondents.
According to the report, the shortfall in the information security workforce will reach 1.5 million in five years.
“This shortfall is the difference between Frost & Sullivan’s projection of the workforce needed to fully address escalating security staffing needs and our workforce projection that accounts for workforce supply constraints,” states the report.
“This projected workforce shortfall does not mean hiring will stop. Where possible, organisations will increase their security staffing levels. Again reflecting the reality of a constrained pool of suitable candidates, Frost & Sullivan predicts a global increase of 195,000 information security professionals in the next year; an increase of nearly 6 per cent over 2014. “
The survey also found there was high employee turnover. In 2014, almost one in five security professionals changed employers or employment status.
“Across the 2011, 2013, and 2015 surveys, churn of nearly 20 per cent is the highest that has been seen,” states the report.
The survey was conducted over a four month period starting in October 2014.
Follow Hamish Barwick on Twitter: @HamishBarwick