Cyber SafetyPress ReleaseThreat Detection & Defense

Asia-Pacific Cybersecurity Workforce Grows, Yet a 2.6 Million Professional Gap Persists

ISC2 – the world’s leading nonprofit member organisation for cybersecurity professionals – estimates the Asia-Pacific (APAC) cybersecurity workforce has reached just under one million (960,231) people, an 11.8% increase from 2022, representing more than 100,000 new jobs, and higher than the global average growth of 8.7%. While this is the highest workforce ISC2 has ever recorded in the region, the 2023 ISC2 Cybersecurity Workforce Study brings to light that demand is still outpacing supply. The APAC cybersecurity workforce gap has reached a record high, with 2.6 million professionals needed to adequately safeguard digital assets, representing a 23.4% increase in 2022, the greatest increase globally alongside North America. This year’s study included 3,685 APAC-based cybersecurity professionals, among a total of 14,865 professionals globally.

The research also finds new challenges impacting professionals in the field, including economic uncertainty, artificial intelligence, fragmented regulations and skills gaps. Additionally, a challenging threat landscape continues to loom over the field, with 71% of APAC (79% in Singapore) cybersecurity professionals saying the current threat landscape is the most challenging it has been in the last five years. Only 59% (65% in Singapore) believe their organization has adequate tools and people to respond to cyber incidents over the next two to three years.

The challenges facing APAC-based cybersecurity professionals include:

Workforce and Skills Gaps:

  • Japan has recorded a 97.6% increase in its workforce gap from 2022 while India has recorded a 40.2% increase, the highest in the region.
  • In Singapore, where there is rapid growth in supply, demand is finally starting to catch up such that the workforce gap actually shrank by 34.8% from 2022.
  • Despite some progress in closing the workforce gap in select markets, 94% of APAC cybersecurity professionals report skills gaps at their organization.
  • The top three skills gaps at APAC organizations are artificial intelligence/machine learning (33%), cloud computing security (32%), and penetration testing (29%).
    • In Singapore, the top three skills gaps are artificial intelligence/machine learning (35%), zero trust implementation (32%) and cloud computing security (31%).
  • 51% of global organizations that have had cybersecurity layoffs have been impacted by one or more significant skills gaps compared to just 39% of organizations that have not had layoffs.

Economic Uncertainty:

  • 44% of APAC respondents experienced cutbacks, which included budget cuts, layoffs and hiring and promotion freezes, slightly lower than the global average of 47%. Singapore respondents reported cutbacks that are above the global average, at 51%.
  • 37% of APAC respondents (41% in Singapore) faced cuts to cybersecurity training programs, vital for skills development and workforce growth.
  • 73% of APAC respondents say that cutbacks have increased their workload, while two-thirds say it has negatively impacted their team morale (67%) and productivity (66%).
    • 71% of Singapore respondents say that cutbacks have increased their workload; 70% say it has negatively impacted their team morale and 67% say it has negatively affected productivity.
  • 62% of APAC respondents (64% in Singapore) said their response to threats has been inhibited by cutbacks, and 58% (59% in Singapore) have seen an increase in insider risk-related incidents.
  • 38% of APAC professionals (47% in Singapore) believe that cutbacks will continue into 2024, and 69% (71% in Singapore) expect those cutbacks to include layoffs.

Emerging Technologies

  • Despite 33% of cybersecurity professionals in APAC seeing artificial intelligence (AI) as the top challenge they will face in the next two years, 42% have no or minimal knowledge of AI.
    • Despite 47% of cybersecurity professionals in Singapore seeing AI as the top challenge in the next two years, 42% have no or minimal knowledge of the technology.
  • 31% of APAC respondents and 52% of professionals in Singapore see cloud computing security as the most sought-after skill for career advancement.

“While we celebrate the progress some APAC markets have made in closing the workforce gap, the reality is that the region as a whole still has much work to do to ensure an adequate supply of cybersecurity professionals to protect organizations and their critical assets,” said ISC2 CEO Clar Rosso, CC. “Amid the current threat landscape, which is the most complex and sophisticated it has ever been, the escalating challenges facing cybersecurity professionals underscore the urgency of our message: organizations must invest in their teams, both in terms of new talent and existing staff, equipping them with the essential skills to navigate the constantly evolving threat landscape. It is the only way to ensure a resilient profession that can strengthen our collective security.”

Empowering Cybersecurity Workforce for the Future
Organizations are actively adopting strategies to strengthen their cybersecurity teams. Survey respondents in APAC say their organizations are investing in staff training (68%), supporting certifications (63%), and expanding their teams by recruiting, hiring and onboarding new staff (63%) to prevent or mitigate staff shortages. Beyond supporting the training and development of staff, organisations in APAC are also offering flexible work conditions (59%) and funding diversity, equity, and inclusion (DEI) programs (56%) to support their employees.

Hiring for the Non-Technical Skills
In addition to technical proficiency in various skills, cybersecurity professionals in APAC stress the importance of non-technical attributes. Problem-solving skills (39%) top the list, followed by the ability to effectively communicate (35%), and the curiosity and eagerness to learn (33%).

Fostering Diversity and Inclusion in Cybersecurity
To promote a more diverse workforce, organizations are embracing DEI initiatives, incorporating skills-based hiring, and revising job descriptions to emphasize DEI goals.

Organizations in APAC adopting skills-based hiring have seen a positive impact, with 65% of hiring managers seeing an increase in job applications from technically skilled individuals without prior cybersecurity work experience. In Singapore, organizations will skills-based hiring also note an average of 33% of women in their workforce compared to 23% among those who haven’t embraced this initiative.

However, there’s still work to be done, as women represent only 14% of cybersecurity professionals under the age of 30 in the region, signalling a need to continue encouraging women to join the workforce.

Reassuringly, 67% of cybersecurity professionals in APAC recognize that DEI initiatives not only drive diversity but also boost workforce effectiveness. Organizations implementing DEI hiring practices report a stronger sense of preparedness among their cybersecurity professionals in dealing with cyber threats over the next two to three years.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *