Modern field guide to security and privacy

What are the world’s information security professionals thinking about?

Understanding the global information security workforce is a necessary first step to growing and building the field.

Ever wondered what the global information security workforce thinks are the industry’s major issues?

At (ISC)², we believe it’s important to keep a pulse on what’s happening in the industry, which is why we’ve conducted the Global Information Security Workforce Study (GISWS) on a bi-annual basis since 2004.

This year’s top concerns include data exposure, security misconfiguration, data exfiltration, malware and social engineering. However, the most common security threats, in order, are malware, social engineering, security misconfiguration and insider threat.

Data exposure has caused problems for many companies in the public eye, so seeing that at the top of the list should be no surprise. What’s interesting is that a fear of an insider threat shows up on the list of the most common security threats; however, it wasn’t placed on the list of top concerns of cybersecurity professionals.  

In addition to digital threats, the gap in the information security workforce has expanded again this year, up to 1.8 million professionals needed from 1.5 million in 2015.

In fact, 66 percent of respondents said that their organization has too few information security workers. This number has increased over the years – in the 2015 study, 62 percent of survey respondents stated that their organizations had too few information security professionals and in 2013, it was 56 percent.

For the 2017 GISWS, we have a quality respondent sample of over 19,000, compared to over 13,000 respondents in the last study.

The respondent pool is also more regionally diverse, with 10,584 respondents from North America, 3,694 respondents from Europe, 1,075 respondents from Middle East and Africa, 979 respondents from Latin America and 3,309 respondents from Asia-Pacific in the 2017 study.

Just over half of respondents (51 percent) are in management-level or higher positions, while nearly half (48 percent) are in non-managerial staff positions, so we’re getting a close to an equal perspective from both sides of the desk. The highest number of respondents identified themselves as information security professionals (35 percent), followed by IT professionals (17 percent) and cybersecurity or risk professionals (14 percent).

In terms of industries, professional services ranked the highest, with 29 percent of respondents identifying as working within that industry. Banking/insurance/finance was the next highest industry, with 17 percent of respondents, followed by government (12 percent), military services, armed forces or defense (9 percent) and telecommunications and media (8 percent).

We have more than enough data this time around to turn the study into multiple reports instead of one 40-plus-page report. For the 2017 (ISC)² Global Information Security Workforce Study, we will release a series of reports on millennials, women in cybersecurity, U.S. government, Asia-Pacific, North America, Latin America, EMEA, global and diversity in the U.S. The former 40-page report was the mile wide, inch deep version. Now with a variety of analyses and reports, we’re offering a deeper dive into specific sets of data.

The first analysis on millennials in cybersecurity was released during the RSA Conference in San Francisco. The next report on women in cybersecurity will be released on March 8, which is International Women’s Day. The other reports will be issued throughout the year. Follow (ISC)2 on Facebook and LinkedIn to keep a pulse on what’s happening with the information security workforce, and visit our website at www.isc2.org.