Cybercrime rates are rising, and the growing number of attacks puts lives at risk, costs companies millions and threatens national security. Viewed as a business, cybercrime is booming. It constitutes the largest transfer of economic wealth in history and is more profitable than any legal business or the illegal drug trade. An IBM survey found that data breaches in 2021 cost companies, on average, $4.24 million per incident – a record high, up 10% from the year prior.
Organizations unaware of these facts likely still understand the importance of IT security and risk management. However, they may not be able to onboard the staff necessary to implement a robust cybersecurity strategy. Cybersecurity remains a field defined by high demand coupled with massive skill shortages. To satisfy that demand, the International Information System Security Certification Consortium² predicts the worldwide cybersecurity workforce would need to grow by 89%.
The market for professionals with advanced cybersecurity skills has expanded at a remarkable rate – from $3.5 billion in 2004 to $150 billion in 2021. Rapid job growth in the cybersecurity field has created a thriving market for cybersecurity analysts, security managers and other professionals in technology and other industries. According to The Washington Post, there are more than 36,000 open public-sector cybersecurity positions. Cyberseek reports there are 597,000 available jobs for cybersecurity professionals in the private sector.
There’s probably never been a better time to earn a cybersecurity degree or launch a cybersecurity career. If you’re thinking about building on your computer science, IT or information systems skills to launch a career in cybersecurity, consider enrolling in The University of Tulsa’s 100% online M.S. in Cyber Security program. The ROI of this degree is exceptionally high because demand in the industry is poised to continue growing for years to come.
The cybersecurity job outlook remains strong
Cybersecurity was one of the few industries that didn’t experience a significant employment downturn during the height of the COVID-19 pandemic. In fact, the cybersecurity job outlook may have gotten a boost. The rapid transition to remote work and expanded cloud migration led to increased cybercrime rates, prompting organizations to beef up digital security measures. The chief technology officer at Untangle even said it would be “dangerous” to downsize cybersecurity jobs. About 26% of organizations surveyed by PriceWaterhouseCoopers expect to grow their cybersecurity budgets by 11% or more in 2022, and more than half plan to increase their budgets by at least 6% to defend against increasingly complex cyber attacks.
However, the skills gap in cybersecurity may frustrate those efforts. A Global Information Security Workforce Study predicts the talent shortage will hit 1.8 million in 2022 because many professionals in the field don’t have the skill sets necessary to satisfy employer demand. Organizations look for professionals with advanced cybersecurity skills and credentials plus real-world experience. Additionally, many employers are bundling cybersecurity into other IT positions, which means applicants need cybersecurity expertise plus expertise in related fields. Burning Glass Technologies refers to these professions as cyber-enabled jobs and reports that they make up 56% of all cybersecurity-related openings.
Job seekers are more likely to see an increase in the need for cybersecurity skills than an increase in job titles that specifically include the word cybersecurity. For example, the U.S. Bureau of Labor Statistics predicts employment for information security analysts is going to grow by 33% over the next decade – much faster than the average growth rate across all occupations. Because the data and systems businesses rely on are increasingly digital, jobs for computer network security analysts, digital security managers, security project managers and cloud security specialists will also grow. If you’re looking for more solid proof that cybersecurity professionals are in demand, read the descriptions for job openings in information technology, software engineering and networking. Employers may not post positions for cybersecurity engineers, even when that’s the skill set they’re seeking.
Eight factors fueling sustained growth in the field
More devices = more points of vulnerability
Think of all the connected devices you currently use in a day. Your laptop and phone may be top of mind, but you probably also interact with smart home devices, credit card readers, connected systems in your car and more. Cisco predicts that by 2023, the number of devices connected to IP networks will add up to more than three times the global population. Every single one of those devices represents a point of vulnerability. As smart device adoption has expanded, even objects as innocuous as TVs and exercise machines have become hackable. Companies that make smart devices must have professionals with cybersecurity know-how on their teams to create and maintain the extra security protocols necessary to keep up with the increasing complexity of cyber attacks.
Rates of cybercrime are going up
Criminals have found many ways to capitalize on the widespread adoption of digital technologies. According to statistics from Check Point Research, cyber attack attempts reached an all-time high in 2021. Attacks on corporate computer networks grew by 50% between 2020 and 2021. And the number of data breaches also reached a record high in that same year. A significant breach of T-Mobile’s customer databases exposed sensitive information, including Social Security numbers, putting more than 54 million Americans at risk.
“There is no reason to believe the level of data compromises will suddenly decline in 2022,” said the CEO of Identity Theft Resource Center, Eva Velasquez. “As organizations of all sizes struggle to defend the data they hold, it is essential that everyone practice good cyber hygiene to protect themselves and their loved ones from these crimes.”
The cloud represents a new point of vulnerability
When COVID-19 drove remote work transitions across industries, it also forced many organizations to make a rapid – in some cases, risky – transition to the cloud. Cloud computing platforms, like Amazon Web Services and Google Cloud, offer increased storage, empower remote collaboration and simplify file sharing. However, many companies could not or did not prioritize cloud security during transitions, resulting in security vulnerabilities.
Cloud adoption will continue, despite the fact that many workplaces currently don’t have cloud security strategies in place or protocols to ensure employees secure the data they share. This is especially true in health care and education – two fields that saw more than a 70% increase in cyber attacks in 2021. As a result, many of the most in-demand cybersecurity skills are related to cloud security.
The federal government is pushing cybersecurity investments
Governments are doing their part to keep data and information safer in the digital age. Three pieces of federal legislation that address data protection and cybersecurity are:
- The Health Insurance Portability and Accountability Act (HIPAA), which protects digital health care data.
- The Gramm-Leach-Bliley Act, which requires financial institutions to make their information-sharing practices transparent and protect sensitive data.
- The Federal Information Security Management Act, which requires federal agencies to implement processes that protect confidential systems information.
Attacks like the Colonial Pipeline ransomware hack highlighted the fact that cybercrime is a national security issue. International cyber threats have prompted a hiring boom in military and non-military agencies. In July of 2021, the Department of Homeland Security brought on almost 300 cybersecurity professionals and extended 500 tentative offers. President Biden made cybersecurity a top priority for his administration, budgeting $15 billion for the issue in FY19. He pointed to the need for more cybersecurity programs in secondary schools and higher education, saying that “we have to make a greater investment in education as it relates to being able to train and graduate more people proficient in cybersecurity.”
States are forcing organizations to bulk up their cybersecurity
States are making moves to safeguard against cybercrime. For example, California passed the Notice of Security Breach Act, which requires organizations to notify California customers of data breaches. All 50 states, plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands, have similar laws for private companies and, in many cases, government agencies. In Michigan and Arizona, private and public organizations and universities have partnered to create cyber ranges to train new experts in the field. Every state has a Chief Information Security Officer (CISO) responsible for protecting government information – and that title comes with an impressive average salary of around $200,000 or more. State governments will likely continue recruiting experienced and credentialed cybersecurity professionals to keep up with changing regulations.
More people work remotely
More Americans than ever now work from home. They also attend school from home, shop from home and log in to medical appointments using computers and phones. Remote work, distance learning and virtual meetups have created a digital landscape in which sensitive information flows over networks 24 hours a day.
Cybercriminals aren’t attacking only large corporations. They attack individuals, health care providers and nonprofits. Cyber attacks against small businesses are increasingly common, and many small business owners report they are not prepared to defend themselves. Employees unused to remote work and unfamiliar with social engineering fall victim to phishing scams. When one employee provides sensitive information to someone they think they can trust, cybercriminals can use it to exploit entire companies. In a study Positive Technologies conducted across multiple disciplines, including finance, government and industry, the company found external attackers could penetrate organizations’ local networks 93% of the time.
Third-party relationships create extended attack surfaces
In 2020, Russian hackers gained access to Pentagon, United States Treasury and Department of Homeland Security data via security holes in SolarWinds’ Orion software patches. The attack drove home how devastating a cyber attack can be to national security and how much more vulnerable organizations and agencies are as a result of third-party partnerships. Some sources estimate as many as 60% of new cybersecurity incidents may result from attacks on third parties. Many organizations don’t have the resources necessary to evaluate the security practices of third-party vendors, much less manage how vendors use data. Forrester Research predicts one-fifth of organizations will add cyber incident insurance clauses to their third-party contracts in 2022, making vendors who don’t take cybersecurity seriously financially liable for breaches.
Outdated technology leaves data vulnerable
Too many organizations, in an effort to save money and time, still use outdated legacy software that functions but is not as secure as newer applications and platforms. Software requires updates, bug fixes and patches to run smoothly and protect the data and functionality of systems. However, updates and upgrades can be costly and time-consuming, and many organizations avoid them – not realizing that they’re leaving systems and sensitive information vulnerable to viruses, malware and other attacks. In some cases, organizations using insecure outdated systems may be liable for damages when breaches happen due to what is effectively negligence. Involving security experts in systems maintenance is increasingly important. Experienced cybersecurity professionals can pinpoint system vulnerabilities and determine which upgrades are essential.
There’s still room for growth in the cybersecurity market
The digital landscape is fraught with risks in the present, and it is largely impossible to predict future cyber threats. The demand for qualified cybersecurity professionals will only grow as organizations learn the full extent of modern threats to digitized workplaces. Grand View Research predicts the cybersecurity market will be worth more than $190 billion by 2028. Right now, there are too few qualified professionals in the cybersecurity field. A bachelor’s degree plus certifications and firewall entry-level experience are no longer all professionals need to defend against cyber attacks.
To launch a cybersecurity career, you will need not only advanced skills but also advanced credentials. The University of Tulsa’s Master of Science in Cyber Security focuses on the theories, concepts and techniques of modern information assurance and network defense. The core M.S. in Cyber Security coursework covers auditing and testing methodologies, high-assurance information systems design and maintenance, legal, policy, technical and logical dimensions of cybersecurity, network security design and more.
More importantly, you can learn it all at your own pace in this online master’s degree program and earn your cybersecurity degree in just 20 months – or over four years if you need more flexibility. Faculty members are experts in the field. And TU has relationships with industry leaders at high-profile companies such as Amazon, Instagram and Google. Demand for cybersecurity professionals will still be high at companies like these by the time graduation rolls around if you apply today.