The cybersecurity workforce gap has ballooned worldwide, with 2.93 million open positions available across the globe, according to the (ISC)2 2018 Cybersecurity Workforce Study released on Wednesday. The highest shortage is in the Asia-Pacific (APAC) region, which accounts for a majority of the gap at 2.14 million open spots.

North America has the second highest shortage of security professionals, at 498,000–a far cry from the millions in the APAC region. Europe, the Middle East, and Africa (EMEA) combined accounted for a shortage of 142,000, while Latin America claimed the smallest shortage at 136,000, the report said.

When it comes to the number of organizations lacking security-focused IT staff, 63% of the report’s respondents said they were. Due to this shortage of professionals in their organizations, 58% said they’re at moderate or extreme risk of being the victim of a cyberattack.

SEE: Information security policy (Tech Pro Research)

Among those who work in security, the shortage of professionals in the field has become their no. 1 concern, the report said, followed by a lack of resources needed to do their job. As such, almost half (48%) of those surveyed said their company is planning to increase security staffing over the next year. Some 39% aren’t changing their security staffing at all over the same time period, the report noted.

So, what does the current cybersecurity worker pool look like? Women have grown from 11% to 24% of the total security workforce, the release said. Millennial and Generation Y individuals are roughly 35% of the workforce, while Baby Boomers make up about 49%. These professionals make, on average, $85,000 a year.

Most of the employees surveyed said they’d been working in IT for about 13 years total, with seven of those spent on security initiatives. But, that doesn’t mean their path has been easy. Here are the three biggest challenges respondents said were holding them back from advancing in their career:

  1. Unclear career paths for cybersecurity roles (34%)
  2. Lack of organizational knowledge of cybersecurity skills (32%)
  3. The cost of education to prepare for a cybersecurity career (28%)

In terms of what these pros are focused on learning in their field, the biggest focus was cloud security followed by pen testing, threat intelligence, and forensics, according to the report.

Overall, many security professionals either like their job or are indifferent to it. Some 27% said they were very satisfied with their job, 41% said they were somewhat satisfied, 13% were neutral, 13% were somewhat dissatisfied, and 6% were very dissatisfied.

The big takeaways for tech leaders:

  • Globally the cybersecurity workforce gap has expanded to 2.93 million, with 2.14 million in APAC alone. — (ISC)2, 2018
  • The biggest challenges to security pros advancing in their jobs were unclear career paths, lack of organizational knowledge, and education cost. — (ISC)2, 2018