The portrait of modern information security professional

Analyzing the reasons of cybersecurity skills shortage


Cyberattack disruptions to banks, industry and critical infrastructure are said to cost the global digital economy in excess of $10.5 trillion a year. While cybercrime is rising globally, businesses are facing a huge cybersecurity talent shortage, with many positions requiring cybersecurity skills remaining unfilled. According to the World Economic Forum and ISC2 – the world’s leading member organization for cybersecurity professionals – right now, we need 4 million cybersecurity experts to support today’s global economy.

The human factor is a key element in the global cybersecurity ecosystem. No matter how reliable cybersecurity solutions are, human imperfections will always remain a huge vulnerability in an organization’s threat protection. And those in charge of safety in cyberspace can also make mistakes such as ignoring alerts, misinterpreting data, or errors leading to data leakages or breaches in the company. They also need to keep up-to-date with the latest dangers and threat fighting techniques. According to a recent Kaspersky study, companies had suffered at least one cyber incident in the last two years due to a lack of qualified cybersecurity staff. To counter this shortage, they wanted to hire more qualified information security (InfoSec) specialists, acquire software to manage cybersecurity and four in ten were even willing to outsource the job. But, with the world shortage of InfoSec professionals, this is easier said than done. In the first half of 2023, despite a growth of 9 percent, the global cybersecurity workforce gap still has a shortfall of nearly 4 million experts. What is the reason for this dilemma?

Perhaps this problem is a result of the peculiarities of the education industry or the consequence of the fast-evolving threat landscape: when keeping pace with the latest industry developments, companies worldwide are forced to face the need to evaluate and enhance their InfoSec employees’ skills to tackle the rapidly growing cyber threats. The skills shortage, the lack of InfoSec professionals, and the increased number of cyberthreats create a vicious circle. This problem has existed for many years: however, many cyber professionals state the skills gap has not narrowed. In fact, it has gotten even worse.

Kaspersky’s global report “The portrait of modern information security professional” seeks to analyse the exact reasons behind this gap in the cybersecurity workforce and looks both into the aspect of education and the current state of the labor market. The research reveals how cybersecurity education programs are struggling to keep pace with the latest industry developments and how they affect cybersecurity professionals’ career paths. It also identifies the most understaffed roles, the skills and characteristics bosses look out for in the hiring process and how they evaluate potential candidates’ effectiveness and their education.


For the report, Kaspersky commissioned Grand View Research to undertake a survey, questioning CIOs, heads of SOC, leading specialists, team heads, and InfoSec experts with various degrees of experience: less than one quarter (22%) have held their job for two to five years, more than one third (37%) have worked in their position for more than ten years, but the majority (41%) have five to ten years’ experience. All the respondents worked across a variety of industries including IT, Consumer Goods and Retail, CME (chemicals, metals and energy), and Government Agencies.

The research was conducted with 1,012 InfoSec professionals in 29 countriesUSA, DACH (Germany, Austria, Switzerland), UK, France, Italy, Spain, Benelux (Belgium, Netherlands and Luxembourg), Brazil, Mexico, Argentina, Colombia and Chile, Saudi Arabia, UAE, Turkey, South Africa, Nigeria, Egypt, India, Japan, China, Malaysia, Singapore, Indonesia, Russia., from Asia-Pacific, Europe, the META region, plus North and Latin America.

The report is made up of four chapters, namely:

Part 1. Cybersecurity Education Lags as Professionals Struggle On

Part 2. The way business and InfoSec professionals interact