Essential Cybersecurity Job Statistics for 2023

Estimates from ISC2, a nonprofit cybersecurity organization, reveal that the industry employed 4,656,084 specialists across 4 continents and 14 countries. Looking at individual regions, North America had the largest workforce at 1,344,538. With 1,230,365 employees, Latin America was second, while Europe, Middle East, and Africa (EMEA) ranked third with 1,222,154 employees in 2022. Finally, the Asia-Pacific region (APAC) had 859,027 cybersecurity employees in 2022.

(ISC2)

Of the 14 countries in the study referenced above, the US had far and away the world’s largest cybersecurity workforce in 2022. Other countries with significant cybersecurity staffs included Brazil (#2; 687,947), Mexico (#3; 542,418), Germany (#4; 464,749), Japan (#5; 388,402), the United Kingdom (#6; 339,145); South Korea (#7; 249,520), and France (#8; 189,733).

(ISC2)

In 2022, the Dutch cybersecurity industry had 57,672 employees — a massive 64.3% increase from 35,106 in 2021. Similarly, Japan’s cybersecurity staff recorded a 40.4% increase, from 276,556 in 2021 to 388,402 in 2022. The list of countries with significant year-over-year growths also includes France (+29.2%), Spain (+23.2%), and Brazil (+18.3%). Unlike other countries, Germany (-0.01%) and Singapore (-16.5%) saw year-over-year decreases in cybersecurity staff.

(ISC2, IAPP)

Despite adding more than 464,000 workers in 2022, the global cybersecurity industry still needs 3.43 million employees to function at an optimal level. As for individual regions, Asia-Pacific has the most significant shortage and would need 2,163,468 workers to fill it. The gaps are smaller in other regions — 515,879 in Latin America, 436,080 in North America, and 317,050 in EMEA.

(ISC2)

Organizations worldwide are feeling the brunt of the cybersecurity workforce shortage, with 47% saying their dedicated teams are somewhat understaffed and another 15% believing they are seriously understaffed. According to ISACA’s 2022 survey, a lack of funding is one of the main reasons for this. Namely, 39% of company representatives say their cybersecurity efforts are somewhat underfunded, while 15% believe they’re seriously underfunded. For comparison, 42% believe their cybersecurity teams are appropriately funded, and 4% say they’re overfunded.

(ISACA)

Despite the ever-growing cybersecurity job demand, the industry still has a diversity problem. Namely, a 2022 study found that women comprise about a quarter of the sector’s workforce. Worse yet, many women with experience in the field were subject to gender discrimination. On that note, 19% say they dealt with overt discrimination, 29% claim they got harsher reactions to errors than male coworkers, and 53% report facing inexplicable delays in career advancement.

(Boston Consulting Group)

Another contributing factor to the existing cybersecurity workforce gap, employee retention issues occur for many reasons. While 59% of industry insiders say qualified professionals leave for better opportunities at other companies, 48% blame their departures on the lack of financial incentives. At the same time, 47% cite limited advancement opportunities, and 45% point to high work stress levels. Companies themselves are at fault in many cases — 34% say qualified staff leave due to insufficient managerial support, while 30% blame it on poor workplace culture.

(ISACA)

According to a 2022 survey, only 2% of companies would fill a job opening in under a month. At the same time, 6% needed a month and 16% two months to do so. And while 16% needed more than six months, 2% reported they could not fill any of their open positions. One of the key reasons for this is that many of the applicants don’t have the skills required for the job. Namely, in 27% of cases, only 1%–25% of the applicants are actually qualified for the job in question.

(ISACA)

In a reversal of a longstanding trend, many entry-level cybersecurity jobs nowadays require no degree. In Oceania, only 27% of companies required university degrees for such positions in 2022. Similarly, 45% of European, 49% of North American, and 59% of Middle Eastern firms demanded that cybersecurity job applicants have degrees for entry-level positions. On the other hand, degrees are still highly valued in Latin America (61%), Asia (68%), and Africa (71%).

(ISACA)

Within the National Initiative for Cybersecurity Education (NICE) Framework, most job openings in this year-long period fell under the Operate & Maintain (439,981 positions) and Securely Provision (384,607) categories. Other categories with a large number of new openings included Oversee & Govern (266,959), Protect & Defend (214,131), and Collect & Operate (206,886). It’s important to note these categories aren’t mutually exclusive, as one job can fill multiple roles.

(CyberSeek, TechTarget)

The list of states with the highest number of new cybersecurity jobs during this period also includes Virginia (#2; 61,648), Texas (#3; 57,878), Florida (#4; 34,373), Maryland (#5; 30,128), and New York (#6; 27,503). This is in line with the previous two calendar years, when the same six states led the pack. The rest of the top 10 for the year ending in April 2023 includes Illinois (#7; 25,105), Colorado (#8; 22,641), North Carolina (#9; 21,278), and Georgia (#10; 20,624).

(CyberSeek)

Meanwhile, Wyoming (896) saw a massive cybersecurity job growth rate of 48.7% compared to 2021, when it had 545 new openings. It still ranked second-to-last, though, slightly below West Virginia (917), which also had a triple-digit number of new jobs. The rest of the bottom 10 for the year ending in April 2023 included North Dakota (1,075), Alaska (1,324), Delaware (2,317), New Hampshire (2,557), Mississippi (2,631), Rhode Island (2,700), and South Dakota (2,748).

(CyberSeek)

The cybersecurity job outlook in the United States is very positive, with organizations projected to add about 56,500 new information security analyst jobs each year until 2031. This is one of the most sought-after positions in the sector nowadays, and the steady growth in cyberattacks will keep driving the demand for more employees. According to Lightcast, a market analysis company, US companies could employ almost 1.99 million cybersecurity specialists by 2032.

(University of Wisconsin)

Cybersecurity specialists in EMEA averaged $93,535 per year, while their peers in Asia-Pacific made $59,379. Meanwhile, Latin America saw the lowest average annual salary at just $22,185. As for the US, the country’s cybersecurity experts averaged $135,000 in 2022. The actual salary depended on their education, with PhD holders and post-doc students averaging $150,000. On the other hand, those with associate’s degrees and high school diplomas averaged $127,750.

(ISC2)

According to a study by Mondo, a leading US staffing agency, information security officers can net anywhere between $150,000 and $225,000 a year. Cybersecurity engineers have an annual income in the $126,000–$213,000 range, while application security engineers make between $130,000 and $200,000. Network security engineers can net up to $208,000 annually, whereas cybersecurity analysts and the so-called “ethical hackers” can each earn up to $160,000.

(Mondo)

The list of states with the highest salaries also includes California (#2; $137,600), Maryland (#3; $135,920), New Hampshire (#4; $135,320), and Washington (#5; $132,820). The rest of the top 10 comprises Iowa (#6; $132,590), the District of Columbia (#7; $132,200), Virginia (#8; $131,340), Delaware (#9; $130,360), and New Jersey (#10; $129,330).

(Bureau of Labor Statistics)

Puerto Rico’s cybersecurity experts made at least $28,000 less than their peers elsewhere in the US. Other states in the bottom 10 fared much better in terms of the median annual salary, including Mississippi at $85,460, Vermont at $85,860, Wyoming at $87,630, and Indiana at $88,720. The bottom 10 for 2022 also includes Missouri at $88,790, Maine at $89,460, Montana at $90,100, North Dakota at $90,130, and Louisiana at $90,410.

(Bureau of Labor Statistics)

Healthcare is among the sectors most prone to cyberattacks, resulting in a very high demand for cybersecurity experts. According to data published by ZipRecruiter, a cybersecurity analyst working in the healthcare sector averages $61.96 per hour or $10,739 per month. Of course, the actual salaries vary based on numerous factors. And while 17% of all employees have an annual income in the $124,500–$137,999 range, the lucky 3% make up to $192,000 per year.

(ZipRecruiter)

The most recent Exabeam job satisfaction survey found that 49% of cybersecurity experts in the US were satisfied with their earnings, while another 38% said they were “very” satisfied. At the same time, only 4% said they were unhappy with their salaries. Interestingly, although the sector still favors male workers, all female survey participants said they were either “satisfied” (88%) or “neither satisfied nor dissatisfied” (12%) with their salaries. For comparison, 4% of men working in the sector said they were unhappy with their earnings, and 1% said they were “very unhappy.”

(Exabeam)