February 8, 2023 By Jennifer Gregory 2 min read

Having a skilled team of cybersecurity professionals is an organization’s best defense against threat actors. Not only can it decrease the risk of cybersecurity attacks, but it also reduces business disruption when attacks do occur. However, the 2022 ISC2 Cybersecurity Workforce Study found that the Asia-Pacific (APAC) region is facing a troubling gap in its cybersecurity workforce.

The study surveyed 11,779 cybersecurity professionals across the world in 14 regions, including Singapore, Australia, South Korea, Japan, China, India, the US and the UK. That data suggests that new strategies may be necessary to meet the universal need for cybersecurity professionals.

The workforce grows, but the gap widens

The global cybersecurity workforce grew 11.1% over the previous year, and the APAC region saw the biggest increase at 15.6%. However, the gap between the current workforce and the number of professionals the region needs grew by 52.4% or 2.16 million workers. The APAC gap grew significantly compared to the global average gap of 26.2%.

The cybersecurity workforce gap is of concern to professionals worldwide. The report found that current workers in the field are most concerned about cybersecurity risks with emerging technology over the next two years. More professionals in the APAC region (65%) reported this as their main concern, compared to Latin America (62%), North America and Europe (60%) and the Middle East and Africa (59%).

Additionally, 60% of APAC respondents felt that the cybersecurity shortage is significant, and 56% of cybersecurity professionals in the region felt that the gap put their company at either a moderate or extreme risk of attack.

Reducing the cybersecurity workforce gap

Organizations across the globe, including in the APAC region, can proactively take action to reduce the workforce shortage. Here are ways to close the gap:

Pay competitive wages

Paying cybersecurity professionals market rates helps attract new talent to the field and prevents current professionals from leaving the industry. The APAC region was the second-lowest in pay, with an average salary of $59,379 compared to the North American average of $134,800. The Latin American region came in last with an average yearly pay of $22,185.

Focus on retention

While hiring new talent might reduce the shortage, each time an employee leaves an organization the gap widens even more. Organizations should proactively work to retain employees by offering flexible work schedules, creating custom career paths and promoting from within. Organizations can also reduce attrition by reducing burnout through wellness programs and maintaining a focus on work/life balance. Preventing online or in-person harassment against cybersecurity professionals is another important way to prevent attrition.

Consider a skilling/badges approach to hiring

Many cybersecurity positions require specialized skills, but not necessarily a four-year college degree. By removing the degree requirement and changing the focus to skilling, organizations can increase their pool of qualified applicants. Digital badges are one solution. Teachers in K-12 can also help reduce the gap by introducing those digital badges as part of their curriculum.

Organizations with open cybersecurity positions are at a disadvantage against increasingly sophisticated cyberattacks. When entire regions (such as APAC) face significant shortages, the risk increases even more. By increasing the number of qualified applicants and helping to reduce attrition, the APAC region can begin to close that gap.

More from News

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally.The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets.Who is exploiting the NGFW zero-day?As of now, little is known about the actors behind the…

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

CISA adds Microsoft SharePoint vulnerability to the KEV Catalog

3 min read - In late October, the United States Cybersecurity & Infrastructure Security Agency (CISA) added a new threat to its Known Exploited Vulnerability (KEV) Catalog. Cyber criminals used remote code execution vulnerability in Microsoft SharePoint to gain access to organizations’ networks. The CISA press release states that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” However, Microsoft identified and released a patch for this vulnerability in July 2024. Cybersecurity experts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today