Hand in your notice – by 2022 there'll be 350,000 cybersecurity vacancies

The General Data Protection Regulation (GDPR) will force European organisations to expand their cyber workforce, causing demand to outstrip the supply of expertise.

Two in five governments and companies will expand their cybersecurity divisions by more than 15 per cent in the next 12 months, according to a survey by the International Information System Security Certification Consortium, or (ISC)². This will lead to a shortfall of 350,000 cyber workers across the continent by 2022.

Europe's cyber workforce will expand faster than any other region in the world. Demand is driving record salaries with 39 per cent of UK cyber workers commanding annual salaries of more than £87,000.

The (ISC)² report, titled Benchmarking Workforce Capacity and Response to Cyber Risk, is part of the industry association's Global Information Security Workforce Study based on a survey of 19,000 cybersecurity professionals (3,694 from Europe). The study was conducted by analysts Frost & Sullivan for the Center for Cyber Safety and Education, with the support of (ISC)², Booz Allen Hamilton and Alta Associates.

The report describes a revolving door of "scarce, highly paid workers" amid a non-existent unemployment rate of just 1 per cent in Europe. Organisations are struggling to retain their staff, with 21 per cent of the global workforce stating that they left their job in the past year, and facing high salary costs.

In order to manage the skills gap, (ISC)² is calling on employers to do more to embrace newcomers and a changing workforce ahead of the adoption of GDPR, which comes into force next May. Training and a willingness to hire promising people from outside the existing cybersecurity workforce will be crucial.

Workers with non-computing backgrounds account for nearly a fifth of the current workforce in Europe. Employers need to open their doors to new, younger and more diverse talent, according to (ISC)².

Adrian Davis, EMEA managing director at (ISC)², said: "There are real structural concerns hampering the development of the job market today that must be addressed. It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society."

Raj Samani, fellow and chief scientist at McAfee, said that the skills shortage is likely to hit smaller businesses and government harder than large enterprises.

"The impact of this rising price for cyber expertise is that smaller and public sector organisations may find themselves priced out of employing top talent," Samani warned, adding that automation of basic processes can help mitigate this. ®