Millions work in cybersecurity across the globe.
Yet recent data shows signs of growth stagnation, persistent skill shortages, and skewed demographics.
Below, we’ll explore the data in further detail.
- Top Cybersecurity Employment Statistics
- Number of Workers in Cybersecurity Roles in the US
- How Many Employed Cybersecurity Professionals Are There?
- Global Cybersecurity Workforce Trends
- Workforce Shortages & Unfilled Roles
- Cybersecurity Skills Gap
- Valued Cybersecurity Skills
- Regional Comparisons
- Demographics
- Pay & Position Disparities
Top Cybersecurity Employment Statistics
- There are over 1.3 million cybersecurity professionals in the US.
- There are around 5.5 million cybersecurity professionals worldwide.
- The number of cybersecurity employees grew by just 0.1% between 2023 and 2024.
- Almost 40% of cybersecurity managers claim to lack budget.
- The US has the world’s largest cybersecurity workforce at nearly 1.3 million employees
- Around 2 in 3 organizations are experiencing a cybersecurity staffing shortage.
- Approximately 90% of organizations have skills gaps in their cybersecurity setup.
- Over 83% of the cybersecurity workforce is male.
- Cybersecurity professionals with Master’s degrees can earn over 25% more than their peers.
Number of Workers in Cybersecurity Roles in the US
In 2026, there are an estimated 1,337,400 workers employed in cybersecurity-related jobs in the US.

Source: Cyberseek
How Many Employed Cybersecurity Professionals Are There?
According to the most recent estimates, there are approximately 5.5 million people currently working in cybersecurity worldwide.

That total represents just a 0.1% increase from 2023 (but a 17% increase since 2022).
This slower year-over-year growth shows that we’re seeing a cooling from the sharp expansion seen in 2022, when widespread investment in security teams drove a surge in hiring. Even so, the cybersecurity workforce continues to grow at a pace that outstrips many other technology sectors.
At a high level, demand growth has moderated over the last few years. However, the overall trend line remains pointing upward, with organizations continuing to expand their security capabilities in response to evolving threats, like AI attacks.
Source: ISC2
Global Cybersecurity Workforce Trends
Over the past year, cybersecurity teams have observed a decline in hiring and advancement opportunities.
According to 39% of cybersecurity managers, shortages are most commonly caused by a lack of budget. This has overtaken “replacing a shortage of talent” as the top reason.
Budget cuts have reduced funds further, with over a third of respondents (37%) experiencing cutbacks. That’s an increase of 7% over the previous year.
As a possible ripple effect, 1 in 4 cybersecurity employees have observed layoffs (that’s a 3% increase vs. 2023’s figures).
And on a similar note, 38% have seen hiring paused, and 32% have noted fewer promotions (up 6% in the last 12 months).
As a result, it’s unsurprising that cybersecurity job satisfaction is on the decline.
The proportion of cybersecurity employees who are content with their work has dropped from 74% in 2022 to 70% in 2023, and most recently, 66% in 2024.

Nonetheless, that figure remains higher than the average US job satisfaction rate of 51%.
Sources: ISC2, Pew Research Center
Workforce Shortages & Unfilled Roles
Cybersecurity staffing scarcity remains high, with around 2 in 3 (67%) organizations reporting a shortage. That’s despite a recent dip from 69% in 2022.
An alarming 58% claimed that their organizations are at significant risk as a result of understaffing in cybersecurity, up 1% from 2023.
In total, there is a cybersecurity workforce gap of approximately 4.8 million. That’s a 41% increase on 2022’s 3.4 million and a 20% increase on 2023’s 4 million.

Looking at individual countries, China has the largest reported workforce gap at over 2 million. That figure has increased by 19% since 2023, yet it’s far from the biggest change.
With a 77.9% increase, South Korea has seen the largest widening in the workforce gap, closely followed by Australia (71.3%).
Of the 20 assessed countries, just 5 saw the workforce gap cut. The biggest shift towards satisfying cybersecurity job vacancies occurred in Brazil, with a 7.5% change in the right direction.

Here’s a breakdown of the cybersecurity workforce gap by country:
| Country | 2023 Workforce Gap | 2024 Workforce Gap | Change Over Previous Year |
| China | 1.721 million | 2.048 million | ↑ 19% |
| India | 790k | 1.074 million | ↑ 35.9% |
| US | 483k | 504k | ↑ 4.4% |
| Brazil | 232k | 215k | ↓ 7.5% |
| Japan | 110k | 170k | ↑ 53.8% |
| Germany | 105k | 120k | ↑ 15% |
| Mexico | 116k | 114k | ↓ 2.1% |
| UK | 73k | 93k | ↑ 27.1% |
| Spain | 74k | 73k | ↓ 1.7% |
| France | 59k | 69k | ↑ 17% |
| South Africa | 57k | 63k | ↑ 10.1% |
| Australia | 28k | 48k | ↑ 71.3% |
| Canada | 39k | 38k | ↓ 1.2% |
| UAE | 32k | 35k | ↑ 9.7% |
| South Korea | 18k | 31k | ↑ 77.9% |
| Netherlands | 29k | 29k | ↓ 1.6% |
| Saudi Arabia | 14k | 18k | ↑ 26.8% |
| Nigeria | 8k | 9k | ↑ 5.7% |
| Ireland | 7k | 8k | ↑ 9.2% |
| Singapore | 4k | 5k | ↑ 17.7% |
Latin America (5.7% drop) is the only region that has experienced a decline in the cybersecurity workforce gap since 2023.

Here’s the cybersecurity workforce gap by region:
| Region | 2023 Workforce Gap | 2024 Workforce Gap | Change Over Previous Year |
| Asia-Pacific | 2.67 million | 3.375 million | ↑ 26.4% |
| North America | 522k | 543k | ↑ 4% |
| Europe | 348k | 392k | ↑ 12.8% |
| Latin America | 348k | 328k | ↓ 5.7% |
| Middle East & Africa | 112k | 125k | ↑ 11.8% |
Source: ISC2
Cybersecurity Skills Gap
Around 9 in 10 organizations have skills gaps within their cybersecurity setup
According to ICS2, more than one-third (41%) see AI/ML as the most notable skill absent from their team. Cloud computing security (36%) and risk assessment (29%) make up the rest of the top three.

Below is a list of the top skills currently lacking in cybersecurity teams:
| Rank | Technical Skill | Proportion of Organizations Lacking Skill |
| 1 | AI/ML | 41% |
| 2 | Cloud computing security | 36% |
| 3 | Risk assessment | 29% |
| 4 | Application security | 28% |
| =5 | Security engineering and governance | 27% |
| =5 | Risk and compliance (GRC) | 27% |
| 7 | Security analysis | 26% |
| =8 | Threat intelligence analysis | 24% |
| =8 | Zero trust | 24% |
| =8 | Penetration testing | 24% |
Fortinet also reports that “finding candidates with AI experience in cybersecurity” is the biggest recuiting challenge (60%).
The report also found that 91% of IT recruiters prefer to hire candidates with technology-focused certifications. That’s up from 89% in 2024.
Education has the largest reported skill gap (96%), closely followed by construction (94%) and healthcare (94%).

This is how each industry compares in terms of cybersecurity skills shortages:
| Rank | Industry | Total Reported Skill Gap | Critical Reported Skill Gap |
| 1 | Education | 96% | 18% |
| =2 | Construction | 94% | 20% |
| =2 | Healthcare | 94% | 20% |
| 4 | Real Estate | 93% | 15% |
| =5 | Nonprofit | 92% | 16% |
| =5 | Aerospace | 92% | 19% |
| =5 | Telecommunications | 92% | 19% |
| =5 | Non-Security Software/Hardware Development | 92% | 15% |
| =5 | Food/Beverage/Hospitality/Travel | 92% | 16% |
| =5 | Government | 92% | 20% |
| =11 | Manufacturing | 91% | 17% |
| =11 | Energy/Power/Utilities | 91% | 14% |
| =11 | Insurance | 91% | 12% |
| =14 | Military/Military Contractor | 90% | 19% |
| =14 | IT Services | 90% | 17% |
| =14 | Transportation | 90% | 17% |
| =17 | Financial Services | 88% | 13% |
| =17 | Hosted/Cloud Services | 88% | 12% |
| =17 | Automotive | 88% | 14% |
| =20 | Retail/Wholesale | 87% | 17% |
| =20 | Entertainment/Media | 87% | 17% |
| =20 | Consulting | 87% | 12% |
| =20 | Engineering | 87% | 15% |
| 24 | Security Software/Hardware Development | 84% | 13% |
| 25 | Legal | 83% | 11% |
Sources: ISC2, ISC2 (2), Fortinet
Valued Cybersecurity Skills
There is a disparity between the skills hiring managers value and the skills cybersecurity professionals think they value.
For example, only 12% of hiring managers are actively seeking AI/ML skills, yet 23% of professionals believe those skills are in demand.
Similarly, only 19% of cybersecurity professionals think curiosity and eagerness to learn are in-demand skills, yet 26% of hiring managers actively seek these soft skills.
Above all else, strong problem-solving abilities are the most sought-after skills, with 31% of hiring managers prioritizing them. Fortunately, cybersecurity professionals are largely aware of it, with 28% agreeing it is in demand.

Here’s how cybersecurity skills are valued by hiring managers compared to professionals:
| Cybersecurity Skill | Hiring Managers Seeking Skill | Cybersecurity Professionals Who Think Skill is in Demand |
| Strong problem-solving abilities | 31% | 28% |
| Teamwork and collaboration skills | 28% | 21% |
| Curious/eager to learn | 26% | 19% |
| Strong communication skills | 25% | 31% |
| Cloud computing security | 19% | 30% |
| Strong strategic thinking skills | 17% | 16% |
| Zero-trust implementation | 14% | 17% |
| Security engineering | 14% | 13% |
| GRC | 13% | 19% |
| Strong project management skills | 12% | 8% |
| AI/ML | 12% | 23% |
| Security analysis | 11% | 8% |
| Time management and organisation | 11% | 8% |
| Application security | 11% | 11% |
| Security administration | 10% | 7% |
| Emotional intelligence | 10% | 7% |
| SecOps | 8% | 10% |
| ID and access management | 8% | 9% |
| Zero trust implementation | 8% | 14% |
| Leadership abilities | 7% | 10% |
According to the latest data, 71% of cyber recruiters have formal targets for hiring
from underutilized talent pools.
Sources: ISC2, ISC2 (2), Fortinet
Regional Comparisons
According to the latest figures, the US has the largest active cybersecurity workforce (approximately 1.3 million). That’s despite a 3% drop from the 12 months prior.
In fact, the US still has more cybersecurity employees than the second (Brazil – 752k) and third-largest (Japan – 500k) workforces put together.

Here’s a breakdown of cybersecurity workforce sizes across the globe:
| Country | 2023 Workforce | 2024 Workforce | Change Over Previous Year |
| US | 1.339 million | 1.299 million | ↓ 3% |
| Brazil | 749k | 752k | ↑ 0.4% |
| Japan | 481k | 500k | ↑ 4% |
| Germany | 456k | 439k | ↓ 3.7% |
| Mexico | 436k | 422k | ↓ 2.7% |
| UK | 367k | 349k | ↓ 4.9% |
| South Korea | 264k | 273k | ↑ 3.3% |
| France | 217k | 230k | ↑ 6.1% |
| Spain | 182k | 188k | ↑ 3% |
| South Africa | 178k | 197k | ↑ 10.7% |
| Canada | 157k | 156k | ↓ 0.8% |
| UAE | 144k | 149k | ↑ 3.4% |
| Australia | 139k | 146k | ↑ 5.5% |
| Singapore | 77k | 78k | ↑ 1.3% |
| Netherlands | 68k | 73k | ↑ 8% |
| Saudi Arabia | 54k | 60k | ↑ 10.9% |
| Nigeria | 26k | 26k | ↑ 0.2% |
| Ireland | 19k | 21k | ↑ 5.8% |
Together, the Middle East & Africa have seen the largest increase in the cybersecurity workforce (7.4%). The two regions have grown considerably in the space of a year, largely thanks to:
- South Africa – 178k to 197k (10.7% increase)
- Saudi Arabia – 54k to 60k (10.9% increase)
- UAE – 144k to 149k (3.4% increase)
The Asia Pacific region has also seen its cybersecurity workforce increase, while North America, Europe, and Latin America have each seen overall declines.
Here is the cybersecurity workforce split by regions:
| Region | 2023 Workforce | 2024 Workforce | Change Over Previous Year |
| North America | 1.496 million | 1.455 million | ↓ 2.7% |
| Europe | 1.31 million | 1.3 million | ↓ 0.7% |
| Latin America | 1.286 million | 1.274 million | ↓ 0.9% |
| Asia Pacific | 960k | 997k | ↑ 3.8% |
| Middle East & Africa | 402k | 431k | ↑ 7.4% |
Given the drop-off in cybersecurity employees in the US, it is no surprise to see that demand for cybersecurity talent is also waning.
Recent data from LinkedIn reveals that demand for cybersecurity professionals is down 5.4% year-over-year. That’s almost matched by Singapore (4.9% decrease) and France (4.5% decrease).
However, on the other end of the spectrum, Brazil (11.2% increase), Germany (11% increase), and Poland (6.2% increase) have all experienced greater demand for cybersecurity employees between 2021 and 2024.
Based on the share of job postings, Singapore has the largest concentration of demand, making up almost 5% of all advertised openings. In other words, nearly 1 in 20 cybersecurity job listings on LinkedIn are Singapore-based. That’s more than the UK (2.37%) and the US (2.07%) combined.

This is how the top countries by share of cybersecurity job postings compare:
| Country | Share of Cybersecurity Job Postings |
| Singapore | 4.64% |
| Poland | 3.48% |
| Germany | 2.83% |
| Spain | 2.76% |
| Australia | 2.57% |
| India | 2.49% |
| UK | 2.37% |
| Italy | 2.35% |
| Brazil | 2.27% |
| Mexico | 2.14% |
| Netherlands | 2.11% |
| US | 2.07% |
| Canada | 1.89% |
| France | 1.66% |
Demographics: Gender, Age, Ethnicity, Education
Gender
The cybersecurity space remains male-dominated, with only approximately 1 in 6 (16.8%) of the global workforce comprised of women.
Since 2010, the proportion of women in cybersecurity jobs has trended downwards, falling considerably from 26.42%.
Around 1 in 4 (26.7%) cybersecurity professionals in Italy are women – the highest proportion from the assessed countries, just ahead of Singapore (26.2%).

Here’s a look at the proportion of women in the cybersecurity workforce, split by nation:
| Country | Share of Women in Cybersecurity Workforce |
| Italy | 26.7% |
| Singapore | 26.2% |
| Canada | 21.2% |
| India | 20.9% |
| Mexico | 19.9% |
| Brazil | 19.7% |
| Australia | 19.1% |
| US | 18.3% |
| UK | 17.9% |
| Spain | 17.5% |
| Poland | 17.2% |
| France | 16% |
| Netherlands | 15.9% |
| Germany | 14.6% |
And here’s how the proportion of women in cybersecurity has shifted in the space of a year:
| Country | Change in Share of Women in Cybersecurity Workforce |
| Brazil | 4.45% |
| Poland | 3.55% |
| Germany | 3.11% |
| Netherlands | 2.38% |
| UK | 2.34% |
| France | 2.3% |
| Canada | 2.12% |
| Australia | 1.92% |
| India | 1.6% |
| Italy | 1.44% |
| US | 1.22% |
| Spain | 1.04% |
| Mexico | 0.4% |
| Singapore | 0.08% |
Interestingly, there is a clear divide between men and women when it comes to specific cybersecurity roles. For instance, informatics nurse specialists, clinical support specialists, and clinical administrators are areas of work dominated by women.
Female-dominated cybersecurity jobs:
- Informatics nurse specialists – 87% female
- Clinical support specialists – 78% female
- Clinical administrators – 77% female
Male-dominated cybersecurity jobs:
- Dell certified systems expert – 99% male
- Senior data center engineer – 98% male
- Software applications architect – 98% male
- Cybersecurity specialist – 83% male
Age
The average cybersecurity specialist is 42.4 years old.
There isn’t a significant variance between the average ages for different genders or races.
Nonetheless, the oldest group is white females, who are an average of 47 years old, compared to white males, who average 42 years of age.
At an average of 37 years old, the youngest group is Hispanic/Latino females. That’s 4 years younger than the equivalent male group (41 years old).
The majority (60%) of cybersecurity specialists are over 40 years old. Another approximately 30% are aged 30 to 40. And just 11% are between the ages of 20 and 30.
Ethnicity
Around 2 in 3 (65.7%) cybersecurity professionals are white. That figure has slowly dropped from 76% in 2010, with the field becoming slightly more diverse.

This is how the cybersecurity workforce is split by ethnicity:
| Ethnicity | 2010 Proportion | Latest Proportion | Change |
| White | 76% | 65.7% | ↓ 10.3% |
| Asian | 7% | 9.6% | ↑ 2.6% |
| Black/African American | 8% | 9.2% | ↑ 1.2% |
| Hispanic/Latino | 6% | 9% | ↑ 3% |
| Unknown | – | 6.1% | – |
| American Indian/Alaska Native | – | 0.4% | – |
Education
A Bachelor’s degree (obtained online or in-person) is the most common type of degree obtained by cybersecurity professionals – over half (56%) of all cybersecurity specialists have one.
In total, 96% of cybersecurity specialists have some form of higher education.
Here’s a breakdown of degree levels within the cybersecurity industry:
| Degree | Proportion |
| Bachelor’s | 56% |
| Associate | 23% |
| Master’s | 14% |
| High School Diploma | 4% |
| Other Degrees | 3% |
In the US, just under 3 in 4 (72.94%) cybersecurity professionals hold a Bachelor’s degree or higher.
Here’s the proportion of cybersecurity professionals with Bachelor’s degrees:
| Country | Share of Transitions into Cybersecurity Jobs by Bachelor’s or Higher Degree Holders |
| India | 85.06% |
| Singapore | 78.8% |
| Mexico | 77.79% |
| France | 73.91% |
| Canada | 73.24% |
| US | 72.94% |
| Australia | 72.41% |
| Germany | 69.3% |
| Netherlands | 68.76% |
| Brazil | 67.54% |
| Poland | 65.35% |
| Spain | 65.28% |
| UK | 64.22% |
| Italy | 62.52% |
Sources: Zippa, ISC2, LinkedIn
Pay & Position Disparities
Education
Unsurprisingly, there is a strong correlation between the level of education and wages in cybersecurity.
Those with an Associate’s degree or some form of College degree take home $81,263 every year.
By comparison, professionals with a Bachelor’s degree as their highest form of education earn $93,788 per year, or around 15.4% more.
While cybersecurity specialists with a Master’s degree (both online and in-person) average $102,065 a year, 8.1% more than Bachelor’s degree holders, and 25.6% more than professionals with Associate’s degrees.
And this disparity is likely to widen. In the US, nearly all (94.38%) cybersecurity job openings require a 4-year degree. That figure is nearly 5x higher than any other country.

Here’s a look at the proportion of cybersecurity job postings that do not require a 4-year degree:
| Country | Share of Cybersecurity Job Postings Not Requiring a 4-Year Degree |
| US | 5.62% |
| Mexico | 1.06% |
| Canada | 0.94% |
| Poland | 0.78% |
| Germany | 0.55% |
| Italy | 0.54% |
| India | 0.38% |
| France | 0.37% |
| Australia | 0.3% |
| Singapore | 0.29% |
| UK | 0.22% |
| Netherlands | 0.17% |
Just under 1 in 3 (31%) organizations have no entry-level professionals working in their security teams.
This figure rises among small businesses, where 36% of organizations with fewer than 500 employees report having no capacity for entry-level cybersecurity staff. In these cases, limited budgets and leaner IT teams often mean that cybersecurity responsibilities are consolidated into existing roles rather than dedicated to new hires.
The absence of entry-level positions in smaller organizations reduces opportunities for new professionals to gain practical experience, which in turn contributes to some of the broader workforce shortages the industry is currently seeing.
Organizations with no entry-level or junior-level professionals within their security team:
| Organization Size | No Entry-Level | No Junior-Level |
| Under 500 Employees | 36% | 21% |
| 500-5,000 Employees | 30% | 14% |
| 5,000+ Employees | 27% | 11% |
| All Organizations | 31% | 15% |
Gender
There is an estimated 15% gender pay gap in the US. However, in cybersecurity, the difference is less pronounced.
On average, men working in cybersecurity earn $95,889 per annum, averaging around 4.6% more than women ($91,462 per annum).

Ethnicity
There are more notable differences in cybersecurity earnings when it comes to ethnicity.
Asian cybersecurity specialists outearn the rest of the population, averaging just over $100,000 each year. That’s 6.6% more than Black or African American cybersecurity employees ($93,506).

Here’s how cybersecurity wages vary depending on ethnicity:
| Ethnicity | Wages |
| Asian | $100,135 |
| White | $97,753 |
| Hispanic/Latino | $95,522 |
| Black/African American | $93,506 |
| Unknown | $92,724 |
Sources: Zippa, LinkedIn, Pew Research Centre
Conclusion
Despite employing over 5.5 million professionals globally, the cybersecurity industry continues to face a variety of challenges.
While certain regions have seen workforce growth, overall global hiring momentum is slowing, and job satisfaction is declining.
Without greater investment in talent development, diversity, and equitable access to entry-level roles, growth may continue to stagnate.