A recent study conducted by ISACA, a leading global professional association focused on digital trust, reveals that over half (52%) of cybersecurity professionals are experiencing an increase in cyberattacks compared to a year ago. This finding underscores the growing threat faced by businesses in the digital landscape.
The research also highlights a concerning trend in cyber risk assessments. Despite recognizing the heightened threat, only 8% of organizations complete these assessments monthly, while 40% conduct them on an annual basis. This failure to regularly assess cyber risk leaves organizations vulnerable to attacks and increases the likelihood of breaches going undetected for extended periods of time.
One of the key factors contributing to this vulnerability is the lack of human resources allocated to cybersecurity. The study found that 62% of respondents reported that their cybersecurity team was understaffed. Furthermore, of the organizations with open positions in cybersecurity, 39% are seeking to fill entry-level roles that do not require experience, a university degree, or specialized credentials. Interestingly, despite this demand for entry-level positions, 44% of organizations still stipulate a university degree as a requirement.
Chris Dimitriadis, the Global Chief Strategy Officer at ISACA, emphasizes the urgent need to address these challenges and bridge the cyber skills gap. He states, “Our findings show that businesses are still struggling to find the right people with the right skills to manage cybersecurity. With cyberattacks on the rise, if we do not solve these challenges and address the gaps, businesses, ecosystems of supply chains, and public sector bodies could be at threat from a lack of vital protection, detection, response, and recovery.”
To tackle the cyber skills gap and enhance cyber resilience, there are several steps that businesses can take. The study reveals that 50% of organizations are already upskilling their non-security staff, 46% are increasing the use of contractors or external consultants, and 27% are implementing reskilling programs.
According to cybersecurity professionals surveyed, hands-on experience in a cybersecurity role (97%), credentials held (88%), and completion of hands-on cybersecurity training courses (83%) are deemed important factors in evaluating the qualifications of a cybersecurity candidate. This highlights the need for practical experience and ongoing professional development in the industry.
Chris Cooper, a member of ISACA’s Emerging Trends Working Group, emphasizes the importance of nurturing talent in the cybersecurity industry. He says, “If businesses are to maintain their cyber resilience in an ever-evolving threat climate, we must encourage and nurture talent in the cybersecurity industry. Employers are looking for people who already have hands-on experience, but we will only enable people to build that experience by creating more entry-level roles and investing in the right training and development for everyone in the industry, from the ground up.”
A webinar on October 3rd will examine the study findings and discuss potential solutions. It features Jon Brandt, ISACA Director of Professional Practices and Innovation, and Martin Van Horenbeeck, Senior Vice President and Chief Security Officer at Adobe. Registration is available on the ISACA website.
In conclusion, the State of Cybersecurity 2023 survey conducted by ISACA highlights the increasing number of cyberattacks faced by businesses and the challenges they encounter in managing cybersecurity. To address these issues, businesses should focus on regular cyber risk assessment, upskilling their workforce, and creating more entry-level roles accompanied by comprehensive training and professional development programs. By taking these steps, organizations can enhance their cyber resilience and better protect themselves against the ever-evolving threat landscape.
