85% of C-suite executives in new study believe layoffs may be necessary in 2023, but only 10% foresee reductions in their cybersecurity teams

ALEXANDRIA, Va., Feb. 16, 2023 /PRNewswire/ -- (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today published its How the Cybersecurity Workforce Will Weather a Recession research report. The study found despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023. The research highlights how C-suite executives view cybersecurity as an essential, valuable asset that is a strategic priority.

To assess the impact of a potential economic downturn on cybersecurity teams, (ISC)2 polled 1,000 C-suite executives in December 2022 across five countries: Germany, Japan, Singapore, the U.K. and U.S.

85% of respondents expect layoffs will be necessary at their organizations, but cybersecurity roles are expected to be the least affected by staff reductions. Only 10% of organizations are likely to cut jobs in cybersecurity compared to other business areas, such as human resources (30%), finance (24%), operations (24%), marketing (22%) and sales (22%). This is because 87% of respondents believe that a reduction in cybersecurity staff will lead to greater risks against cyberattacks, as well as recognition of the challenges associated with building their cybersecurity team when skilled workers are in short supply.

"The importance placed on cybersecurity professionals, even during uncertain economic times, suggests that top executives understand the critical need for a strong cybersecurity team now more than ever," said Clar Rosso, CEO, (ISC)². "This is not surprising given the upward trend in recent years where a weakening economy combined with political tensions has led to increased cyber threats. A key test for executives in 2023 will be their ability to sustain their commitment toward strengthening their organizations' resilience against evolving cyberthreats amid emerging budgetary pressures."

Underscoring the importance they place on their cybersecurity teams, half of participating executives said cybersecurity staff would be prioritized for hiring or rehiring if layoffs were necessary. IT is another priority (49%), with research and development (R&D) not far behind (41%). Lower on the rehiring priority list are marketing (35%), finance (34%), operations (31%), sales (30%) and HR (29%).

Key report findings include:

80% of participants believe a weakening economy will increase cyber threats

87% of participants say reductions in their cybersecurity teams would increase risk for their organizations

31% of respondents cited cybersecurity as the least likely to be impacted in a first round of layoffs

74% of respondents are open to recruiting cybersecurity talent laid off elsewhere to bolster their own teams

90% of participants said they increased cybersecurity hiring in the last two to three years

Salary was the least important factor when determining which staff would be impacted by layoffs compared to other factors such as performance and expertise/skill set

Cybersecurity professionals may face increased automation adoption, longer hours, more junior staff hiring and salary freezes due to economic conditions

To learn more, read the full "How the Cybersecurity Workforce Will Weather a Recession" report here.

Study Methodology

(ISC)² surveyed a total of 1,000 business executives in December 2022 from Germany (200), Japan (200), Singapore (200), the U.S. (200) and U.K. (200). Respondents were screened to allow only non-tech/security C-suite professionals to participate. Respondents were also limited to those working within an organization with a cybersecurity team of at least two (2) employees and anticipating economic challenges in 2023. The margin of error for the global descriptive statistics in this research is +/- 3.1 at a 95% confidence level.

