metamorworks – stock.adobe.com
Enterprises across the world are struggling to hire and retain qualified cyber security talent as the skills gap continues to grow, according to ISACA’s State of cybersecurity 2022 report.
In a survey of more than 2,000 cyber security professionals globally, ISACA found that 63% of respondents have unfilled cyber security positions, up eight percentage points from 2021.
A further 62% reported understaffed cyber security teams, with one in five saying it was taking over six months to find qualified candidates to fill open positions.
ISACA previously found that 46% of organisations were struggling to fill legal and compliance roles, and 55% technical privacy roles, as part of its Privacy in practice 2022 report.
In its latest report – State of cybersecurity 2022: Global update on workforce efforts, resources and cyberoperations – ISACA noted that 60% of survey respondents also reported difficulty in retaining qualified cyber security professionals, a 7% increase on 2021.
The top reasons for cyber security professionals leaving their jobs included being recruited by other companies (59%), poor financial incentives in terms of salary or bonus (48%), limited promotion and development opportunities (47%), high levels of work-related stress (45%), and lack of management support (34%).
Respondents indicated they were looking for a range of skills in potential candidates, with the biggest gaps being noted in soft skills such as communication, problem solving or leadership (54%), along with cloud computing (52%).
Cross-training of employees and the increased use of contractors and consultants were cited as the main ways enterprises were attempting to mitigate these skills gaps.
The report also noted that while universities remain the primary source of talent in the cyber security pipeline, with 52% of organisations requiring a degree to fill entry-level positions, their importance is appearing to wain as that percentage was 6% lower than in 2021.
However, it added that opinion remains split on whether recent university graduates with a degree are well prepared for the cyber security challenges that enterprises face.
“The great resignation is compounding the long-standing hiring and retention challenges the cyber security community has been facing for years, and systemic changes are critical,” said Jonathan Brandt, ISACA director, professional practices and innovation.
“Flexibility is key. From broadening searches to include candidates without traditional degrees, to providing support, training and flexible schedules that attract and retain qualified talent, organisations can move the needle in strengthening their teams and closing skills gaps,” he added.
In terms of the threat landscape, 43% of respondents said their organisation was experiencing a higher volume of cyber attacks than the same time last year, with the three top-of-mind concerns being enterprise reputation (79%), data breaches (70%) and supply chain disruption (54%).
Despite the challenges reported, an all-time high of 82% still indicated they were confident in their cyber security team’s ability to detect and respond to cyber threats.
“This confidence is remarkable, considering that 46% of respondent enterprises have a security staff of just two to 10 individuals,” said the report.
However, it further noted that despite some optimism, including in expectations that budgets will increase over the coming year, the cyber security skills shortage is not going away any time soon, and, if anything, appears to be getting worse.
“Given the ongoing seller’s market for cyber security professionals, enterprises are encouraged to focus on competitive total benefits packages as opposed to competitive salaries alone. Salary expectations vary, but it is likely that many small to medium-sized enterprises simply cannot compete with larger enterprises on salary,” the report stated.
“With the likelihood that budgets will continue to level, enterprises may find themselves constrained with respect to additional headcount salaries and should therefore identify other ways to remain competitive in sourcing and retaining talent,” it said.
Creating a safe metaverse experience means bringing all stakeholders to the table, according to experts.
Traditional shadow IT is giving way to business-led technology deployments that have the IT department’s approval. But CIOs must …
Experts speaking during ITIF’s AR/VR Policy Conference pointed out that businesses need to head into the metaverse with a strong …
Sophos said the exploitation of the critical firewall vulnerability has, at this time, affected “an extremely small subset of …
This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly …
Navigating the skills gap from an employer’s perspective starts with investing in talent. Get advice on how to develop and hire …
Enterprises need integrated security and networking frameworks to manage distributed IT environments and are looking to SD-WAN …
Automated pre-change network validation with Batfish can save time in the network change management process and minimize …
Valmont Industries wants an agile WAN that the company can modify in days instead of months. The global manufacturer is testing …
ServiceNow doubled down on its commitment to take the complexity out of digital transformation projects with a new version of its…
Arm’s roadmap for Neoverse V2 core is designed to handle 5G, HPC and edge workloads. Nvidia will incorporate the offering in its …
IBMs new generation of Linux-based mainframes can significantly reduce energy use for companies willing to replace x86 servers …
More organizations are turning to DataOps to bolster their data management operations. Learn how to build a team with the right …
Moving from an on-premises data system to the cloud can be a complex operation. Lufthansa is looking to remove some of the …
After a year in preview, the database vendor is making its serverless offering generally available. It provides a new …
All Rights Reserved, Copyright 2000 – 2022, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell My Personal Info