In certain instances, we may earn revenue when a reader makes a purchase or completes a form through our pages or on a partner’s website. We adhere to a strict The cybersecurity skills gap is getting harder to ignore.
A report by the World Economic Forum and Accenture shows that millions of cybersecurity roles were still unfilled in 2024, even as threats became more complex and frequent. Organizations struggled to find and keep skilled people, and it started to show.
This article looks at what’s behind the shortage, and how companies are trying to close the gap before it grows any wider.
Key Takeaways
- The cybersecurity skills gap widened significantly. In 2025, up to 4.8 million roles remained unfilled, leaving many organizations without the support they need.
- With cybersecurity demand rising, companies are focusing more on training existing staff, starting apprenticeship programs, and hiring people from different backgrounds.
- Burnout became a serious issue. Many professionals started leaving the field, which is making the cybersecurity talent shortage even worse.
- Long-term success depends on more than hiring. Companies must create supportive workplaces and update how they train and develop their teams.
- If the cybersecurity demand keeps growing and the skills gap isn’t addressed, organizations will find it harder to stay secure in the years ahead.
Why The Cybersecurity Skills Gap Is Getting Worse
The shortage of cybersecurity professionals is becoming harder to ignore, with experts estimating that the global gap sat between 2.8 and 4.8 million roles in 2024. That’s a huge number of jobs going unfilled, and it’s a key reason the cybersecurity skills gap keeps getting wider.
This shortage is putting a lot of pressure on organizations. Many are finding it harder to keep their systems secure, not because of weak tools or bad processes, but because they’re missing the people with the right expertise.
Here’s what happened:
- About two-thirds of companies said they don’t have the cybersecurity skills they need to defend against attacks.
- Only 14% of organizations felt they had enough cybersecurity talent to meet their current goals.
- In the public sector, things were even tougher – 49% reported workforce shortages, up 33% from last year.
This isn’t just a hiring problem anymore – it’s a sign that the cybersecurity talent shortage is affecting how businesses protect themselves daily. Without enough skilled professionals, even basic security tasks can fall through the cracks, making it harder to stay ahead of threats.
How Companies Are Trying To Close The Skills Gap
To keep up with rising threats, companies aren’t just hiring – they’re changing how they think about talent. The focus is shifting from chasing perfect candidates to growing stronger teams from within.
The most common approach in 2024 was upskilling. Around 76% of organizations trained their current employees to handle today’s security demands, which makes sense in a competitive market where experienced professionals are hard to come by.
External hiring was still happening – 54% of companies were actively recruiting from the outside – but it wasn’t enough on its own. There just aren’t enough people with the right cybersecurity skills, and the competition for them is tough.
To fill the gap, many companies started trying new strategies:
- 24% launched apprenticeship programs to bring in fresh talent.
- 23% hired people with backgrounds outside of traditional IT or cyber, like law, finance, or communications, recognizing that strong cyber skills don’t always come from a computer science degree.
This move toward a “skills-first” mindset is gaining ground. Instead of ticking boxes for specific credentials, employers are starting to look for the actual cybersecurity skills needed to do the job, such as problem-solving, adaptability, and clear communication.
It’s a more flexible approach and one that may be key to closing the cybersecurity skills gap in the long run.
Retaining Cybersecurity Talent Is Half the Battle
Hiring skilled people is only part of the challenge – keeping them is just as important. And right now, many cybersecurity professionals are under pressure.
Even more worrying, one in four planned to leave the field completely. Burnout was a big reason why.
The expectations placed on security leaders are often too much. The report outlines that:
- 66% of CISOs felt overwhelmed by the demands of the job
- Over half experienced burnout or saw it happen to someone on their team
These pressures are making it harder to hold on to experienced cybersecurity talent. When people walk away, they take their hard-earned cybersecurity skills with them, and that kind of knowledge isn’t easy to replace.
What helped? Companies focusing on people-first strategies tended to see better retention. That includes:
- Healthier workloads
- Clear opportunities for career growth
- Recognition for the work their teams are doing
A Roadmap for Long-Term Resilience
Closing the cybersecurity skills gap won’t happen overnight. It takes more than just filling roles, because it’s about building a stronger foundation for the future.
The World Economic Forum has laid out a framework that could help. It encourages organizations to rethink how they approach recruitment and talent development. That includes:
- Removing barriers that stop people from entering the field
- Making sure HR teams understand what cybersecurity roles really require
- Creating more inclusive and flexible entry points
The goal is to create a system that’s built to last. Companies need to focus on workplace cultures that support long-term careers, not just short-term hiring targets.
Education is part of the solution, too. As threats change, training must change with them. Cybersecurity programs and courses should be updated regularly so that workers can build the cyber skills they actually need.
It’s a long-term fix, but one that could make the whole industry more resilient.
The Bottom Line
The cybersecurity skills gap is no longer a future concern – it’s a present-day challenge affecting how organizations protect themselves. With millions of roles unfilled, growing burnout, and evolving threats, companies need to rethink how they hire, train, and retain talent.
Long-term resilience depends on flexible hiring, internal upskilling, and modern education. Bridging the gap will take time, but the cost of inaction is far greater.
FAQs
What skills do I need for cybersecurity?
What are hard skills in cybersecurity?
What is the strategy for addressing the IT cybersecurity skill gap?
References
- Global Cybersecurity Outlook 2025 (Reports.weforum)
