Defending against cybercrime
Cybercrime bears tremendous costs for organizations, with some estimates showing the annual cost of cybercrime to reach $6 trillion by 2021. But while there’s no shortage of cybercriminals, the growing cybersecurity talent gap means employers have to work hard to attract top workers. In the United States, the average supply-to-demand ratio across all industries is five to one, versus only two to one for cybersecurity — and geographically, the shortage is the same across the country.
With no industry immune to cyberattacks, you can find a job just about anywhere as a cybersecurity analyst, engineer or any other number of cybersecurity specialties. Still, some sectors may feel more attractive or have a stronger need for talent. Here’s a list of the top industries for cybersecurity jobs (not listed in any order of ranking).
Healthcare sector: Big magnet
Healthcare organizations face a double whammy: Not only are they a bigger target but they also have higher costs of data breaches.
In 2019, the healthcare industry had the second-highest number of publicly reported data breaches — 525 out of 1,473, according to the Identity Theft Resource Center. The highest was the business sector, with 644 breaches, but it could be argued that the business sector definition is broad and encompasses a variety of verticals.
As for costs, the 2019 Cost of a Data Breach Report by IBM Security showed that it cost healthcare organizations globally 65 percent more for data breaches than the average for all industries. Compliance is one of the factors driving up the costs, as the Healthcare Insurance Portability and Accountability Act (HIPAA) mandates a variety of patient data privacy safeguards and imposes steep fines for noncompliance.
These factors — as well as other unique concerns such as the proliferation of connected medical devices with weak security — would seem to indicate that the healthcare sector has one of the highest needs for cybersecurity defenders.
The caveat is that healthcare organizations typically devote the bulk of their operating funds to patient care, so many are more likely to have lean in-house teams. From a career perspective, however, that could be advantageous for someone who wants to gain experience in different types of roles.
Technology sector: Top employer
With as many as 1 million jobs unfilled in the last couple of years, the technology sector overall has a more difficult time finding candidates. According to some reports, even individuals with liberal art degrees or no college degree at all have good chances of being employed by a tech company.
Consider some of the trends impacting the different types of tech companies and availability of cybersecurity jobs:
- Cybersecurity vendor landscape: With more than 3,000 vendors and growing, the global cybersecurity market is forecast to expand from $153 billion in 2018 to $249 billion in 2023. And just in 2018, venture capitalist funding for startups grew 15 percent to $6.2 billion, according to Momentum Cyber.
- Demand for MSSPs: Nine out of 10 organizations are using managed security service providers (MSSPs) for at least one IT security function, according to CyberEdge Group. The services segment is the highest growing cybersecurity market component, and the demand for MSSPs will expand even further with increased adoption of cloud-based infrastructure management.
- Information system designers: The most current data (May 2018) from the U.S. Bureau of Labor Statistics shows that computer systems design and related services are the industry with the highest percent of employment for cybersecurity analysts, with 28,410 workers employed, or 1.36 percent of all industries. This industry also has the second-highest concentration of cybersecurity analysts.
Cybersecurity product vendors, managed service providers and information systems designers are just some of the subcategories that fall under the tech sector. Various other types of companies, from social networks to software-as-a-service providers, have high demand for security roles.
Financial services: Highly sophisticated
Banking and finance, not surprisingly, is another magnet for cybercriminals. In 2019, finance and insurance was the most-attacked sector — for four consecutive years — according to the annual IBM X-Force Threat Intelligence Index.
This industry, however, is also highly mature when it comes to cybersecurity and is ahead of many other sectors in using more sophisticated defensive technologies. The IBM report noted that data suggests the finance and insurance companies experience a higher than average volume of attacks but fewer breaches because of the effective tools and processes they use.
Despite having a leg up, banks and financial institutions will need to continuously innovate their fraud detection and data protection strategies because cybercriminals are also evolving. From a career perspective, this means both good job prospects in the industry and the opportunity to be immersed in cutting-edge cybersecurity work.
Government sector: Critical demand
The government sector has been on the cybercriminals’ radar for a while but it’s now rapidly becoming one of the most-targeted industries, IBM found. The last couple of years saw a surge of attacks against local and state agencies, especially ransomware.
At the federal level, various initiatives are underway to boost hiring for cybersecurity roles, as well as new mandates aimed at data security. This includes a 2019 presidential order to strengthen the U.S. cybersecurity workforce.
Although the demand for technical talent is robust across the board, the government sector is especially struggling to recruit. One of the main reasons is the historically lower salary compared to the private sector.
At the same time, defending government systems and critical infrastructure is key for national defense and economic stability. So many federal agencies are boosting their efforts to attract talent, especially the millennials. And for candidates, getting hands-on experience with a high-profile employer like the Department of Homeland Security can be very appealing.
Many other industries, from education to retail and manufacturing, have a unique and growing need for cybersecurity skills. Each industry has a different appeal. Which path you choose may depend on whether your main incentive is pay, career advancement or something else.
- Global Cybercrime Damages Predicted To Reach $6 Trillion Annually By 2021, Cybersecurity Ventures
- Cybersecurity Supply and Demand Heat Map, CyberSeek
- 2019 End-of-Year Data Breach Report, Identity Theft Resource Center
- IBM Study Shows Data Breach Costs on the Rise; Financial Impact Felt for Years, IBM Security/Ponemon
- Liberal arts degree? No degree at all? You are the perfect candidate for a tech job, CNBC
- Cybersecurity Markets by Solution, Markets and Markets
- Cybersecurity Almanac 2019, Momentum Cyber
- 2019 Cyberthreat Defense Report, CyberEdge Group, LLC
- Occupational Employment and Wages, May 2018, Information Security Analysts, U.S. Bureau of Labor Statistics
- 2020 IBM X-Force Threat Intelligence Index, IBM
- Cybersecurity officials warn state and local agencies (again) to fend off ransomware, Ars Technica
- By the Numbers: Federal Agencies Face Uneven Struggle Hiring Young Tech Talent, Nextgov