Shortage of Personnel in More than 60% of Cybersecurity Departments

Cybersecurity has become one of the hottest topics in the business world as cyber threats continue to increase both in number and sophistication. However, recent research published by ISACA reveals a worrying gap in companies’ preparedness to deal with these threats.

Fifty-two percent of cybersecurity professionals say they are experiencing an increase in cyber attacks. Despite this clear increase in threats, only 8% of organisations conduct cyber risk analyses on a monthly basis, while 40% do so on an annual basis. This lack of regular assessment exposes companies to increased risks and the possibility of security breaches going undetected for long periods of time.

Staffing shortages

A key factor contributing to this lack of preparedness is the understaffing of cybersecurity teams. Shockingly, as many as 62% of respondents to ISACA’s research report that their cybersecurity team is understaffed. This means that a large proportion of companies do not have the human resources necessary to effectively measure and test their cyber defences.

The situation is further exacerbated when you look at what type of staff organisations are looking for to fill these vacancies. Thirty-nine per cent of companies are looking to fill entry-level positions that do not require prior experience, a university degree, or specific credentials. However 44% of organisations insist that candidates for entry-level positions in cybersecurity must have a university degree. This discrepancy in requirements demonstrates that there is a lack of industry consensus on the qualifications needed to address the cybersecurity workforce shortage.

Chris Dimitriadis, ISACA’s Director of Global Strategy, emphasises the gravity of this situation by stating that his research findings show that “companies are still struggling to find the right people with the right skills to manage cybersecurity”. With cyber attacks steadily increasing, it is essential to address this challenge and close the gaps in the cybersecurity workforce. Otherwise businesses, supply chains, and public sector bodies could be at risk due to a lack of effective protection, detection, response, and recovery.

Training and outsourcing

To address this cybersecurity skills crisis, some companies are already taking action. Fifty percent of them are investing in upskilling their non-security staff, recognising that cybersecurity is everyone’s responsibility. In addition, 46% are using external contractors or consultants to increase their ability to respond to cyber threats. Finally, 27% of companies are implementing retraining programmes, providing opportunities for their staff to acquire additional cybersecurity skills.

Cybersecurity professionals also provided valuable information on what they consider crucial when assessing a candidate’s qualifications for a cybersecurity position. Practical experience in a cybersecurity role tops the list with 97% agreeing on its importance. Maintained credentials (88%) and completion of practical cybersecurity training courses (83%) are also considered highly important factors.