(ISC)² said that by 2022 there will be 1.8 million vacancies in the industry that will need to be filled. The General Data Protection Regulation law (GDPR) is trying to force European organizations to expand their cyber workforce, causing demand to outstrip the supply of expertise.
According to the (ISC)² study, two in five governments and companies are aiming to expand the cybersecurity divisions by more than 15 percent over the next 12 months. However, this will still leave a shortfall of 1.8 million cyberspace workers by 2022.
With GDPR forcing businesses to increase their cybersecurity workforce, Europe's cyber sector will expand faster than in any other region in the world. Demand is driving record salaries with 39 percent of UK cyber workers commanding annual salaries of more than US$87,000.
The (ISC)² report, titled Benchmarking Workforce Capacity and Response to Cyber Risk, forms part of the associations Global Information Security Workforce Study based on a survey of 19,000 cybersecurity professionals (3,694 from Europe).
Many organizations are struggling to retain their staff, with 21 percent of the global workforce stated that they left their job in the past 12 months.
The (ISC)² said that in order to manage the skills gap, employers need to do more to embrace newcomers.
Workers with non-computing backgrounds account for nearly a fifth of the current workforce in Europe. Employers need to open their doors to new, younger and more diverse talent, according to (ISC)².
Adrian Davis, Europe Middle East and Africa (EMEA) managing director at (ISC)², said that there are serious "structural concerns" which are hampering the development of the job market.
"It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society," Mr. Davis said.
This lack of cybersecurity workers is a huge concern; in May, the world was alarmed to discover that cybercrime had achieved a new record. In a widespread ransomware attack that hit organizations in more than 100 countries within the span of 48 hours, the operators of malware known as WannaCry/WanaCrypt0r 2.0 are believed to have caused the biggest attack of its kind ever recorded.
With no qualified cybersecurity employees, experts are worried that this type of attack could take place again.
The (ISC)² hope that the latest findings will act as a "wake up call" for the industry.