Thinking of a career change? Consider cyber security, as a recent survey by Cybrary found that a lack of required professional skills is still hampering companies’ ability to deliver cyber security to meet their evolving needs.

The Cyber Security Job Trends Survey for 2016 found that 68 percent of respondents said there is a global shortage of skilled cyber security professionals, according to Cybrary, a no-cost open online cyber security course provider. Moreover, only 13 percent of companies surveyed said there was an abundance of talented cyber security staff in their local areas.

Ryan Corey, co-founder of Cybrary, said the numbers should be of concern to not just companies but the general public, as they point to the need for immediate changes to make sure there are a sufficient number of professionals skilled in protecting against cyber security threats.

“Companies with pressing cyber security needs are finding that there’s a major lack of qualified professionals to fill their positions, which makes them vulnerable to cyber attacks,” he said in a press release. “This underscores the need for better access to cyber security training, which can get new talent into the field quickly, help close the cyber security skills gap, and make companies more secure.”

The survey—which polled 435 senior-level technology professionals—found that employers face significant challenges in recruiting cyber security professionals. More than 80 percent of respondents reported they always or sometimes have trouble recruiting skilled cyber security professionals, with 40 percent citing a lack of skills. Other reasons they face difficulties in recruitment include lack of resources to properly find and attract talent, according to 18 percent of those surveyed, and the location of those skilled enough to fit certain positions, according to 14 percent.

Companies are also struggling with how to recruit cyber security professionals, with 37 percent of respondents saying they use their human-resources department for this purpose. However, nearly 25 percent of those surveyed said they still haven’t figured out the best way to recruit cyber security staff, and this issue means some available positions can stay open up to four months before a company finds a qualified professional.

The survey also showed what type of cyber security certifications companies are looking for in potential staff. Those most in demand include Security+, Ethical Hacking, Network+, CISSP, and A+. Skills companies seek the most when recruiting are Ethical Hacking, Computer Forensics, CISSP, Malware Analysis and Advanced Penetration Testing, according to the survey.

Respondents to the survey also provided details on the average salaries of cyber security workers, with 50 percent of companies reporting that the average cyber security worker earns $25,000 to $50,000 per year.

Others reported higher paychecks for cyber security staff, with 21 percent saying they pay $50,000 to $75,000 per year to cyber security professionals; 17 percent pay $75,000 to $100,000 per year.

Only 12 percent reported that the average cyber security worker makes more than $100,000 per year.