Despite increased security incidents, a recent survey by Observe and CITE Research found that 47% of organizations plan to reduce their cybersecurity headcount. Yet, 62% of these organizations reported increasing cyber incidents per month. The high cost of employing a robust cybersecurity team and the difficulty of finding qualified candidates are among the cited reasons the headcount is shrinking. The report also found that organizations are struggling to integrate security tools, and increased layoffs further complicate these challenges.
Cybersecurity hiring challenges: Too expensive or not qualified enough?
The news is somewhat surprising, considering the global shortage of cybersecurity professionals and the perception of job security in the field. Recent estimates of the global cyber workforce gap are estimated to be just under 4 million, with an estimated 5.4 million cyber professionals currently employed globally, according to ISC2.
Two-thirds of surveyed companies stated that they had insufficient cybersecurity professionals on staff to prevent and troubleshoot security issues. Nearly half (47%) of cybersecurity workers have experienced cyber-related cutbacks, and 22% of the group has been impacted by layoffs within cybersecurity.
Indeed, one of the largest reasons for the cybersecurity workforce gap is that many candidates are too expensive to hire.
Complex enterprise cybersecurity solutions remain underutilized
If enterprises are struggling to maintain headcount for cybersecurity staff, you would be correct to assume that they must also struggle to deploy and sustain cybersecurity tools. Indeed, 95% of surveyed organizations deploy a Security Incident and Event Management (SIEM) solution. Other cybersecurity tools such as Security, Orchestration Automation and Response (SOAR), User Analytics, and Endpoint Detection and Response (EDR/XDR) also topped the survey results.
However, 13% are using only incident response and 7% are shockingly only relying on a security operations center staff (SOC) to mitigate detected threats.
Even more enlightening is that 84% of surveyed organizations are relying on a single analytics tool for all security and operations data.
As any cybersecurity professional will attest to, each new tool or platform requires an extensive amount of training, funding, and effort to sustain. The limited headcount, tightening budget, and economic conditions will force organizations to do more with less. All as cyberattacks like ransomware continue to proliferate and attack surfaces grow.
Tech and Cyber layoffs: a red flag for the industry?
The findings of this survey are unsustainable. Cybersecurity attacks and incidents are increasing with no slowdown in sight. Hackers don’t take vacation days or holidays off.
It’s already been well-documented that cybersecurity professionals—especially in positions of responding to cyber incidents—are increasingly overstressed, underpaid, and can suffer from mental health decline.
Over 240,000 professionals across all of the tech industry were laid off in 2023. That number is 50% higher than in 2022, and the number may still rise in the final weeks of the year.
Artificial intelligence may not replace cybersecurity professionals soon, but it’s going to have to at least act as an effective copilot to close the gap.
