Nearly 70 percent of organizations have understaffed Cybersecurity teams: ISACA
Organizations are struggling to keep their cybersecurity workforce fully staffed as competitors increasingly pick off employees who are enticed by higher pay and bonuses, according to ISACA’s new cybersecurity workforce research.
The short supply of qualified cybersecurity professionals has led to unfilled positions and a widening work skills gap. A whopping 69 percent of the 1,576 respondents say their cybersecurity teams are understaffed.
Part 1 of ISACA’s State of Cybersecurity 2019 report analyzes the trends of cybersecurity hiring, retention, gender diversity and budget implications. “Current Trends in Workforce Development” The research found:
- Cybersecurity professionals are still in short supply and hard to find, particularly for roles that require technical proficiency.
- Retaining cybersecurity professionals is exceptionally difficult, even when enticements such as training and certification are provided.
- Gender diversity programs are declining and perceived as less effective than in the past.
- Cybersecurity budget increases are expected to slow slightly.
“We’re in a highly fluid environment where organizations are increasingly challenged by competitive forces,” said Rob Clyde, CISM, board chair of ISACA. “Creative and competitive retention efforts are more important than ever in the current environment, and organizations should make it a priority to identify ways to boost their cybersecurity teams.”
While 57 percent of respondents say their organizations offer increased training as incentives to keep people within an organization, an overwhelming 82 percent indicate that most individuals leave their companies for another because of financial and career incentives such as higher salaries, bonuses and promotions.
However, Frank Downs, director of cybersecurity practices at ISACA, points out that such incentives are not necessarily what cybersecurity professionals need to advance in their careers. Business acumen is key.
“The most prized hire within a cybersecurity organization is a skilled professional, who not only understands the business operation and how cybersecurity fits into the greater needs of the organization, but also knows how to communicate well,” said Downs.
In the survey, 58 percent of respondents note that their organizations have unfilled cybersecurity positions. The results also show that there is a 6 percentage-point increase, year over year, of organizations languishing at least six months before they are able to fill open cybersecurity positions—increasing from 26 percent in 2017 to 32 percent in 2018.
Most respondents still expect an increase in cybersecurity budget, but not as much as in the previous year; 55 percent report they expect an increase in cybersecurity budgets, a decrease of nine points from last year’s 64 percent. When asked about funding, 60 percent of respondents indicate that they consider their cybersecurity budget to be underfunded, with nearly 20 percent believing that their budgets are significantly underfunded.