Computer security measures are woven into every part of our deeply networked world, so it's no surprise that the Bureau of Labor Statistics (BLS) expects careers in the information security analysis field to grow rapidly in coming years. But where can you work once you earn an online cybersecurity degree? And what paths can your cybersecurity career follow? To find out, we examined data from labor market analytics company Emsi Burning Glass and the results of a workforce survey by the International Information System Security Certification Consortium, or (ISC)2.
Who Needs Cybersecurity?
The more apt question might be, "Who doesn't need cybersecurity?" The word "cybersecurity" is apt because it's derived from "cybernetics," the study of systems of control. Now that even ordinary household items are commonly connected to the internet, all types of organizations need cybersecurity experts to ensure that their computer systems stay under their control.
Many cyberattacks have targeted government agencies and politicians around the world, but the private sector has just as much to worry about at all levels. Spectacular breaches of large organizations get the most media attention, as in the Equifax case of 2017, but the World Economic Forum points to small and medium-sized businesses as prime targets for cybercriminals. Many of these entities serve important functions in global supply chains but often don't employ dedicated computer security professionals.
Given all this, the workforce is ready to absorb more professionals who can test network security, harden cyber defenses, and forensically interpret attacks to help prevent the next one.
What Industries Use Cybersecurity?
A large variety of fields hire cybersecurity experts as permanent staff or temporary consultants. Internet access has ballooned since the turn of the century, and both governments and businesses have taken advantage of the larger reach this provides to deliver goods and services. But all networks have vulnerabilities, so cybersecurity graduates work in industries as diverse as these:
The IT consulting and finance sectors employ the highest numbers of cybersecurity professionals. Data from Emsi Burning Glass and the (ISC)² agree on this, though they approach it from different angles: Emsi Burning Glass maintains a database of employer job posts and social media profiles, while the (ISC)² conducted an extensive survey of cybersecurity workers between 2020 and 2021.
The IT consulting and finance sectors employ the highest numbers of cybersecurity professionals.
In all, 24% of (ISC)² survey respondents claimed to work in IT services, while 10% said they held jobs at financial institutions. According to Emsi Burning Glass, the technical services consulting sector sought nearly 39,000 cybersecurity employees in the 2021-2022 period. At the same time, finance and insurance employers opened almost 33,000 positions.
The graph below shows the five industries that posted the most cybersecurity jobs in the U.S. between 2021 and 2022.
On the consulting side, many information security analysts work for firms that provide cybersecurity advice, testing, and software to organizations that don't have dedicated security staff. As a consultant, you might lend your talents to a range of clients; for example, you could spend three months fortifying a state college system's networks before switching to a contract with an international shipping firm.
When we dig further into the data, we find that the top function for security professionals in finance is depository credit intermediation. This refers to companies and departments that accept money deposits from customers — essentially, employers require cybersecurity expertise to ensure the integrity of their payment systems. This is especially crucial to credit card and e-commerce entities.
Insurance carriers also hire large contingents of security experts. This is unsurprising, given the large potential payouts that insurance companies might make to cover claimants who pay ransom to hackers.
Unsurprisingly, it was finance, consulting, and insurance companies that hired the most cybersecurity graduates in 2021-2022.
Cybersecurity Industry Trends
The most important trend for you to understand as a student is that cybersecurity skills will be valuable and marketable for the foreseeable future. The BLS projects 33% growth in new cybersecurity positions between 2020 and 2030, driven by the increasing sophistication of cyberattacks.
But what are some of the new cyberthreats that you might face? Below, we've presented a few concerns that are likely to drive cybersecurity hiring in the near term.
Companies are networked in potentially more vulnerable ways than they were before the COVID-19 pandemic because remote work opens more exploitable entry points between connections. Cyber experts refer to these new security risks as an expanded attack surface, which malignant actors can probe for weaknesses. Cybersecurity experts can help mitigate this trend by improving cloud security and teaching employees in all industries how to spot malware and phishing attacks.
This technology uses principles of theoretical physics to perform computer functions. Industry watchers are mainly concerned with the idea that quantum computers may be able to break any currently existing method of encryption, which would leave personal data exposed for all to see. Computer scientists are still unsure of quantum computing's potential, which is why the consulting firm Deloitte classifies this threat as a "known unknown."
Identity and Access Management
Besides expanding the cyber attack surface, distributed workforces have also increased the potential for cybercriminals to falsely use other people's identities and log-in credentials. Consulting firms require cybersecurity alumni to help clients establish new authentication protocols in this area.
These attacks involve hackers hijacking a system to cause a physical change in the world, such as shutting down an electrical power grid or taking control of a military drone. The energy, military, and healthcare industries may be especially vulnerable to these attacks, and all of them are hiring experts to patch gaps in their security.
AI and Machine Learning
Hackers can use these technologies to automate the process of probing an organization's defenses. However, organizations can also do the same to protect their data infrastructure. Security managers can use AI to perform penetration testing, warn them of attacks in progress, and stand up defenses against bots.
FAQS About the Top Industries for Cybersecurity
What Are the Benefits of Cyber Security?
Experts agree that cyberthreats to both public and private entities are growing more sophisticated. Successful attacks and data breaches can threaten national security and cost businesses huge amounts of money. Even individuals can be targets for data hacking and blackmail. Cybersecurity professionals provide potentially helpful services by preventing attacks from happening, mitigating the harm from those that do occur, and determining the perpetrators after the fact.
What Is the Average Cost of a Cyber Attack?
According to IBM's Data Breach Report 2021, $4.24 million is the average total cost of a data breach. This is an increase of 10% from the year before. Healthcare organizations suffered the worst costs, suggesting that their cybersecurity infrastructure isn't as robust and resilient as in other industries. The average total cost of a ransomware breach is even higher, at $4.62 million.
Which Industries Are Most at Risk for Cyber Security Attacks?
In the U.S., the most targeted industries in 2021 were manufacturing, professional and business services, and retail. Worldwide, the manufacturing industry was also the biggest target for cybercrime, followed by finance and insurance, then professional and business services. Ransomware attacks are the most common threats to these industries' systems; in these scenarios, hackers insert malware that steals sensitive data and grants them leverage to demand ransom.
How Many People Do Companies Employ to Work on Cyber Security?
This varies by industry and even by employer. Cybersecurity consulting firms consist mainly of individuals who work on these issues because they make money by offering cybersecurity solutions to other organizations. But employers in other industries employ cybersecurity professionals only to ensure that their main functions continue uninterrupted, which might be making profits or providing public services. Most companies and agencies aren't eager to publish their cybersecurity headcount lest it encourage cybercriminals to exploit weaknesses.