Cybersecurity was once the province of defense contractors and government agencies, but in this, the third edition of our annual analysis, we find hiring has boomed in industries like Finance, Health Care, and Retail. A glance at the headlines is enough to explain why. In addition to the federal Office of Personnel Management, recent cyber breaches have hit major consumer companies like Chase and Target. According to PwC’s 2015 State of US Cybercrime Survey, a record 79% of survey respondents said they detected a security incident in the past 12 months. Many incidents go undetected, however, so the real tally is probably much higher.
Yet we are also seeing multiple signs that demand for these workers is outstripping supply. Job postings for cybersecurity openings have grown three times as fast as openings for IT jobs overall and it takes companies longer to fill cybersecurity positions than other IT jobs. That’s bad for employers but good news for cybersecurity workers, who can command an average salary premium of nearly $6,500 per year, or 9% more than other IT workers.
Or put another way, there were nearly 50,000 postings for workers with a CISSP certification in 2014, the primary credential in cybersecurity work. That amounts to three-quarters of all the people who hold that certification in the United States—and presumably most of them already have jobs.
This is a gap that will take time to fill. The skills for some IT positions can be acquired with relatively little training, but cybersecurity isn’t one of them. For example, five years of experience are required to even apply for a CISSP certification. That doesn’t even consider the rising demand for experience in a specific industry, like finance or health care. This suggests that the shortage of cybersecurity workers is likely to persist, at least until the education and training system catches up.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program