World needs 21 million cyber security professionals - but there's only 3,000 now, warns expert
'671.9 million of the internet's 672 million websites aren't being properly tested,' says WhiteHat's Robert Hansen
There's an extreme lack of online security professionals, with 21 million more required in order to properly provide protection against threats from hackers and cyber criminals on the web, a cyber security expert has told Computing.
The comments by Robert Hansen, director of product management for security firm WhiteHat Security, come after former White House director of cyber security Chris Finan warned there aren't enough 'good' hackers willing to put up a fight against cyber criminals.
"The math is fairly simple. If there are approximately 672 million websites on the public internet, if it takes around 16 hours on average to perform a web application assessment, the average worker performs 2,000 work hours per year," explained Hansen, who said there are currently only a few thousand people across the globe with the skills required to do this.
"There are approximately 3,000 people in the world capable of performing web application assessments, and compliance mandates four assessments per year, then we have a deficit of around 21 million web application security testers."
That, Hansen continued, means over 99 per cent of websites aren't being properly tested to see whether they harbour malicious threats.
"With our current workforce, approximately 671.9 million of the 672 million sites on the internet aren't being properly tested, and that's just talking about web applications," he said.
According to Hansen, one of the best ways for organisations to fight back against cyber crime is to hire those who've previously been involved in "black hat" malicious computer hacking but have since gone straight.
"I'll tell you this much: the best people I know, every single one of them has broken a computer law," he previously told Computing.
"What do you define ‘black hat' as? If you define it as somebody who's taking advantage of something they shouldn't have taken advantage of, then I don't know of any expert who hasn't broken at least one and become black hat by that definition," Hansen added.