Our method compiles a variety of secondary data sources in combination with proprietary survey data to create a single, holistic estimate. This tactic of combining multiple different methodological approaches keeps any single number from disproportionately influencing the final estimate.

Workforce Estimate Methodology

The estimate of the global cybersecurity workforce begins with estimates of the U.S. workforce, as the U.S. provides a crucial combination of a robust sample and reliable secondary data sources. The U.S. estimate is derived from three main methodological groups:

  • Survey-based estimates: Survey data on the number of cybersecurity professionals who are employed by organizations is combined with secondary data estimates of the number of U.S. business entities in various size strata. These secondary sources include: the U.S. Bureau of Labor Statistics’ Quarterly Census of Employment and Wages; the U.S. Census’s Statistics of U.S. Businesses Survey; and the U.S. Census’s County Business Patterns study
  • Third-party estimates: Various estimates of related populations were modified based on survey findings to match our estimation criteria. This includes the U.S. Bureau of Labor Statistics’ estimate of cybersecurity analysts
  • Trending estimates: Previous years’ estimates were trended using multiple methodologies to provide expected estimates for this year’s numbers

The U.S. estimate provides a baseline for the estimates of the rest of the world. Estimates for other countries used similar methods except replacing third-party estimates for estimates derived from the U.S. baseline; most countries did not have reliable third-party estimates. The secondary data estimates for countries outside of the U.S. came primarily from the Organisation for Economic Co-operation and Development (OECD). China and India, while included in the gap estimate, were excluded from the workforce estimate due to a lack of reliable secondary sources.

Gap Estimate Methodology

The workforce gap used similar approaches to the estimate of the total cybersecurity workforce. A combination of survey-based, trending and third-party methodologies provided the U.S. estimate, which was then used as the baseline for the rest of the world. The basic calculation for the workforce gap comes down to: gap equals demand minus supply.

Workforce Gap Estimate

  • Demand is defined as the number of cybersecurity jobs organizations would like to employ over the next year minus the number of current workers
  • Supply is defined as the number of workers who will enter the field over the next 12 months minus the number of workers who will leave the field

In total, this makes the equation for calculating the gap: workforce gap equals (total demand over the next 12 months minus the current workforce) minus (number of workers entering the field minus number of workers leaving the field).

Workforce Gap Supply and Demand