February 8, 2023 By Jennifer Gregory 2 min read

Having a skilled team of cybersecurity professionals is an organization’s best defense against threat actors. Not only can it decrease the risk of cybersecurity attacks, but it also reduces business disruption when attacks do occur. However, the 2022 ISC2 Cybersecurity Workforce Study found that the Asia-Pacific (APAC) region is facing a troubling gap in its cybersecurity workforce.

The study surveyed 11,779 cybersecurity professionals across the world in 14 regions, including Singapore, Australia, South Korea, Japan, China, India, the US and the UK. That data suggests that new strategies may be necessary to meet the universal need for cybersecurity professionals.

The workforce grows, but the gap widens

The global cybersecurity workforce grew 11.1% over the previous year, and the APAC region saw the biggest increase at 15.6%. However, the gap between the current workforce and the number of professionals the region needs grew by 52.4% or 2.16 million workers. The APAC gap grew significantly compared to the global average gap of 26.2%.

The cybersecurity workforce gap is of concern to professionals worldwide. The report found that current workers in the field are most concerned about cybersecurity risks with emerging technology over the next two years. More professionals in the APAC region (65%) reported this as their main concern, compared to Latin America (62%), North America and Europe (60%) and the Middle East and Africa (59%).

Additionally, 60% of APAC respondents felt that the cybersecurity shortage is significant, and 56% of cybersecurity professionals in the region felt that the gap put their company at either a moderate or extreme risk of attack.

Reducing the cybersecurity workforce gap

Organizations across the globe, including in the APAC region, can proactively take action to reduce the workforce shortage. Here are ways to close the gap:

Pay competitive wages

Paying cybersecurity professionals market rates helps attract new talent to the field and prevents current professionals from leaving the industry. The APAC region was the second-lowest in pay, with an average salary of $59,379 compared to the North American average of $134,800. The Latin American region came in last with an average yearly pay of $22,185.

Focus on retention

While hiring new talent might reduce the shortage, each time an employee leaves an organization the gap widens even more. Organizations should proactively work to retain employees by offering flexible work schedules, creating custom career paths and promoting from within. Organizations can also reduce attrition by reducing burnout through wellness programs and maintaining a focus on work/life balance. Preventing online or in-person harassment against cybersecurity professionals is another important way to prevent attrition.

Consider a skilling/badges approach to hiring

Many cybersecurity positions require specialized skills, but not necessarily a four-year college degree. By removing the degree requirement and changing the focus to skilling, organizations can increase their pool of qualified applicants. Digital badges are one solution. Teachers in K-12 can also help reduce the gap by introducing those digital badges as part of their curriculum.

Organizations with open cybersecurity positions are at a disadvantage against increasingly sophisticated cyberattacks. When entire regions (such as APAC) face significant shortages, the risk increases even more. By increasing the number of qualified applicants and helping to reduce attrition, the APAC region can begin to close that gap.

More from News

Hackers are increasingly targeting auto dealers

3 min read - Update as of July 11, 2024 In late June, more than 15,000 car dealerships across North America were affected by a cyberattack on CDK Global, which provides software to car dealers. After two cyberattacks over two days, CDK shut down all systems, which caused delays for car buyers and disruptions for the dealerships. Many dealerships went back to manual processes, including handwriting up orders, so that sales could continue at a slower pace. Car buyers who recently bought a car from…

CISA director says banning ransomware payments is off the table

3 min read - The FBI, CISA and NSA all strongly advise against organizations making ransomware payments if they fall victim to ransomware attacks. If so, why not place a ban on paying ransomware demands? The topic came up at a recent Oxford Cyber Forum. Jen Easterly, Director of CISA, commented on the issue, saying, “I think within our system in the U.S. — just from a practical perspective — I don’t see it happening.” It’s unlikely this was a purely spontaneous remark as the…

A proactive cybersecurity policy is not just smart — it’s essential

3 min read - It’s easy to focus on the “after” when it comes to cybersecurity: How to stop an attack after it begins and how to recover when it's over. But while a reactive response sort of worked in the past, it simply is not good enough in today’s world. Not only are attacks more intense and more damaging than ever before, but cyber criminals also use so many different attack methods. Zscaler ThreatLabz 2024 Phishing Report found that phishing attacks increased by…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today