The Covid-19 pandemic (which has accelerated the digitalisation of society), repeated attacks on U.S. critical infrastructure, and the global geopolitical context are all factors that explain a worrying worsening of the talent shortage in the U.S. cybersecurity sector.
According to the latest figures from CyberSeek, about one million people work in cybersecurity in the U.S., but there are nearly 600,000 unfilled positions. Of those, 560,000 are in the private sector. In the last 12 months, job openings have increased by 29%, compared to the normal 16%.
The cyber worker shortage is a particular problem with smaller organisations—everything from municipalities and law firms to hospitals and SMEs—that cannot offer high enough pay to attract the few high-skilled workers available, making them all the more vulnerable to cyberattacks.
In November 2021, the Department of Homeland Security rolled out a new system for hiring cybersecurity personnel, with a new pay scale system: a federal cybersecurity worker is now allowed to make as much as $255,800 annually, equivalent to the salary of Vice President Kamala Harris.
Jen Easterly, Director of CISA, estimates that without a massive public plan, the number of unfilled cybersecurity jobs could reach 3.5 million within three years.