Bad news for banks: Cybersecurity talent shortage is growing

Job opportunities for cybersecurity specialists continue to grow significantly faster than other occupations, and cybersecurity experts are in high demand, especially in the financial services industry.

The findings are significant for banks, which represent a respectable share of the cybersecurity job market and often must compete with tech companies for top cybersecurity talent.

According to an October survey from Boston Consulting Group, within the global cybersecurity job market, 1.2 million cybersecurity professionals are employed by the financial services sector, behind only the technology sector, which has 1.4 million.

Banks were among the earliest organizations to be aware of the cyber talent gap, according to Mark Nicholson, a financial services industry leader for Deloitte's cyber practice. However, the sheen of financial district offices has faded as cyber workforces in other industries largely remain remote and banks move their workers back into the office.

"Twenty years ago, banks were able to attract top talent coming out of universities, as those new professionals wanted to work on Wall Street," Nicholson said. "Today, that may be less the case as workplace and corporate cultural trends swing continued toward remote or hybrid work and increased work hour flexibility — both of which we know cyber professionals appreciate."

Industry News

JPMorgan returns to the office. Will other banks follow?

January 15, 2025 6:00 AM

Demand for cybersecurity work

The Bureau of Labor Statistics projects a 33% job growth for jobs with the title of "information security analyst" from 2023-2033, significantly faster than the average for all occupations, according to data released in August. This translates to an estimated 59,100 new jobs in the next decade, on top of the 180,700 existing jobs.

However, cybersecurity touches many roles, and there is a wide range of titles that a person can hold while practicing cybersecurity as a primary or secondary part of their job. As such, other estimates peg the number of cybersecurity professionals in the U.S. job market at a much higher point and the projected job growth at a lower point, though still higher than the average job.

One such estimate from Cyberseek, the product of a three-entity coalition that includes the National Institute of Standards and Technology, puts the number of existing cybersecurity workers in the U.S. at 1,251,007 as of 2025. It also found there are 457,398 cybersecurity job openings nationwide.

In the finance and insurance sector, the total cybersecurity workforce is 117,138, according to Cyberseek, and the number of job openings in the sector is 40,308. This means roughly 9% of the cybersecurity workforce is in the finance and insurance sector.

Another estimate from the International Information System Security Certification Consortium, or ISC2, estimates there are 1,454,868 cybersecurity professionals in North America as of October. That report, which included a survey of companies that hire cybersecurity specialists, found that employers consider strong communication skills the most valuable single trait in a candidate, with strong problem-solving abilities next most valuable.

A third estimate, from a May report commissioned by the National Science Foundation and based on 2022 BLS data, puts the range between 164,000 and 3,492,000, depending on how broad a definition of "cybersecurity worker" is used.

Cybersecurity talent gap

Every estimate of the supply of talent for cybersecurity professionals indicates there is a wide gap in the number of workers qualified to do the work and the number of jobs they can fill, and that there is a very low amount of unemployment in the field.

Cyberseek data indicates that there are only enough cybersecurity workers in the U.S. to fill 83% of the jobs that employers demand. The ISC2 estimate found that the North American cybersecurity workforce gap in 2024 was 542,687, which was 4% higher than the year before.

The acting CEO of ISC2, Debra Taylor, cited economic conditions as one possible driver of this increase in the talent gap.

"As economic conditions continue to impact workforce investment, this year's Cybersecurity Workforce Study underscores that many organizations are putting their cyber teams under significant strain, risking burnout and attrition as job satisfaction rates fall," Taylor said.

In its study, NSF found that unemployment rates among cybersecurity workers were extremely low compared to its estimates of the number of workers in the field, with an estimate of between 2,500 to 74,000 individuals, putting the unemployment rate for the field between 1% and 2%.

What might be driving the gap

The NSF report also analyzed data on the education pipeline for cybersecurity professionals, finding that it was growing quickly and producing graduates at every degree level, from certificates to Ph.D.s.

The rapid growth "could constitute evidence that the United States does not lack a quantity of new workers and that, instead, the workforce gap is driven by other factors, such as an unclear pipeline and lack of clear data about the skills, knowledge, and credentials needed in the workforce," according to the NSF report.

The researchers who wrote the report also interviewed cybersecurity workers and industry leaders as part of the task. Interviewees emphasized that job openings frequently require work experience in an adjacent computer science job. Industry leaders surveyed said that experience levels, work roles, credentials and certifications required vary widely and are not consistent across cybersecurity jobs.

Social media comments by cybersecurity specialists also revealed frustrations around the work and educational experience that employers require of entry-level cyber professionals. A post about the U.S. job market for cybersecurity, made on the Reddit community for cybersecurity last year, garnered many comments about the entry level market being "completely saturated" and mid- to upper-level jobs being more competitive.

One user commented that the market for entry-level positions is fine, so long as the applicant has a master's degree and 10 years of experience.