In the face of recession worries, cybersecurity teams would be least affected by staffing cuts in 2023, according to a survey of C-suite executives by (ISC)².
Fears have been growing that the U.S. and the world could be hit by a recession this year, and with a slower economy comes the prospect of job cuts. If layoffs are in store, however, a new report from cybersecurity industry association (ISC)² says that security professionals will be among the least affected.
For its report entitled How the Cybersecurity Workforce Will Weather a Recession, (ISC)² surveyed 1,000 business executives in December 2022 from the U.S., the U.K., Germany, Japan and Singapore. Respondents included only non-tech/security C-suite professionals working for organizations with a security team of at least two employees.
Jump to:
Cybersecurity jobs least likely to be cut
Among those surveyed, 85% said they expect layoffs will be necessary at their companies, but only 10% think cybersecurity jobs are likely to be cut. That contrasts with the 30% of respondents who anticipate cuts in human resources, 24% in finance, 24% in operations, 22% in marketing and 22% in sales.
The most optimistic outlook for security pros is a sign that executives see the criticality of cybersecurity. In the event of a recession, cybercriminals won’t be facing layoffs — if anything, they’re likely to increase their attacks under the belief organizations may be understaffed and more vulnerable. In fact, 80% of those surveyed believe that a slower economy would lead to more cyberthreats, while 87% feel that a reduction in cybersecurity staff would trigger greater risks and challenges in the fight against cyberattacks.
Security pros expected to find jobs elsewhere
Security professionals would also be among the top beneficiaries after the economy bounced back. Some 51% of the respondents said that cybersecurity workers would be prioritized for hiring or rehiring. Even now, almost three-quarters (74%) of executives said they’d be open to hiring security pros laid off elsewhere should the opportunity arise.
Cybersecurity hiring has already been a focus for many organizations. At least 90% of the respondents from all but one of the countries said they increased such hiring over the past two to three years. The one exception was Germany, but even there, some 78% of those surveyed said the same.
Which security professionals would be affected by layoffs?
When asked how layoffs among the security workers would play out should they be required, most of the respondents said that junior staff would be affected at the highest rate, followed by senior team members, managers and then cybersecurity executives.
Other criteria would factor into the decision regarding whom to lay off, with performance cited by 50% of the respondents, expertise and skill set by 50%, followed by a redundancy of skills, diversity and team composition, and then salary.
SEE: Mobile device security policy (TechRepublic Premium)
Impact would extend beyond job cuts
Beyond the possibility of job cuts, a recession would impact cybersecurity professionals in other ways. Among those surveyed, 41% said that their security teams might be affected by a greater use of automation, while 40% expected that team members would be asked to work longer hours. An economic downturn would also lead to the hiring of more entry-level and junior-level staff as well as a freeze on raises and promotions.
In short, the heavy demand for skilled and qualified cybersecurity pros won’t shield such workers from the impact of a recession and job cuts, but the fallout is likely to be less severe than for other professions.
“The importance placed on cybersecurity professionals, even during uncertain economic times, suggests that top executives understand the critical need for a strong cybersecurity team now more than ever,” (ISC)² CEO Clar Rosso said in a press release. “This is not surprising given the upward trend in recent years where a weakening economy combined with political tensions has led to increased cyber threats. A key test for executives in 2023 will be their ability to sustain their commitment toward strengthening their organizations’ resilience against evolving cyberthreats amid emerging budgetary pressures.”
Read next: How to hire and recruit a Security Analyst (TechRepublic Premium)