Light Dark
February 8, 2023 By Jennifer Gregory 2 min read
News

Having a skilled team of cybersecurity professionals is an organization’s best defense against threat actors. Not only can it decrease the risk of cybersecurity attacks, but it also reduces business disruption when attacks do occur. However, the 2022 ISC2 Cybersecurity Workforce Study found that the Asia-Pacific (APAC) region is facing a troubling gap in its cybersecurity workforce.

The study surveyed 11,779 cybersecurity professionals across the world in 14 regions, including Singapore, Australia, South Korea, Japan, China, India, the US and the UK. That data suggests that new strategies may be necessary to meet the universal need for cybersecurity professionals.

The workforce grows, but the gap widens

The global cybersecurity workforce grew 11.1% over the previous year, and the APAC region saw the biggest increase at 15.6%. However, the gap between the current workforce and the number of professionals the region needs grew by 52.4% or 2.16 million workers. The APAC gap grew significantly compared to the global average gap of 26.2%.

The cybersecurity workforce gap is of concern to professionals worldwide. The report found that current workers in the field are most concerned about cybersecurity risks with emerging technology over the next two years. More professionals in the APAC region (65%) reported this as their main concern, compared to Latin America (62%), North America and Europe (60%) and the Middle East and Africa (59%).

Additionally, 60% of APAC respondents felt that the cybersecurity shortage is significant, and 56% of cybersecurity professionals in the region felt that the gap put their company at either a moderate or extreme risk of attack.

Reducing the cybersecurity workforce gap

Organizations across the globe, including in the APAC region, can proactively take action to reduce the workforce shortage. Here are ways to close the gap:

Pay competitive wages

Paying cybersecurity professionals market rates helps attract new talent to the field and prevents current professionals from leaving the industry. The APAC region was the second-lowest in pay, with an average salary of $59,379 compared to the North American average of $134,800. The Latin American region came in last with an average yearly pay of $22,185.

Focus on retention

While hiring new talent might reduce the shortage, each time an employee leaves an organization the gap widens even more. Organizations should proactively work to retain employees by offering flexible work schedules, creating custom career paths and promoting from within. Organizations can also reduce attrition by reducing burnout through wellness programs and maintaining a focus on work/life balance. Preventing online or in-person harassment against cybersecurity professionals is another important way to prevent attrition.

Consider a skilling/badges approach to hiring

Many cybersecurity positions require specialized skills, but not necessarily a four-year college degree. By removing the degree requirement and changing the focus to skilling, organizations can increase their pool of qualified applicants. Digital badges are one solution. Teachers in K-12 can also help reduce the gap by introducing those digital badges as part of their curriculum.

Organizations with open cybersecurity positions are at a disadvantage against increasingly sophisticated cyberattacks. When entire regions (such as APAC) face significant shortages, the risk increases even more. By increasing the number of qualified applicants and helping to reduce attrition, the APAC region can begin to close that gap.

 |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
March 26, 2025

We are moving!

< 1 min read - SecurityIntelligence.com is being sunset, but have no fear!We have a new home for all of your favorite security and X-Force content.Follow us to www.ibm.com/think to maintain access to the stories and news you love, both new and old.Security Intelligence will officially sunset on Friday, March 28, 2025. To access the latest security thought leadership, go here. To access the latest X-Force research, go here.If you are experiencing cybersecurity issues or an incident, contact X-Force® to help:US hotline: 1-888-241-9812 | Global hotline:…

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

January 13, 2025

Insights from CISA’s red team findings and the evolution of EDR

3 min read - A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of network-level protections. These findings underscore a familiar challenge: Why do organizations place so much trust in EDR alone, and what must change to address its shortcomings? EDR’s double-edged sword A cornerstone of cyber resilience strategy, EDR solutions are prized for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature