Nearly 70 percent of organizations have understaffed Cybersecurity teams: ISACA

By Moneycontrol News

Moneycontrol News

Organizations are struggling to keep their cybersecurity workforce fully staffed as competitors increasingly pick off employees who are enticed by higher pay and bonuses, according to ISACA’s new cybersecurity workforce research.

The short supply of qualified cybersecurity professionals has led to unfilled positions and a widening work skills gap. A whopping 69 percent of the 1,576 respondents say their cybersecurity teams are understaffed.

Related News

Part 1 of ISACA’s State of Cybersecurity 2019 report analyzes the trends of cybersecurity hiring, retention, gender diversity and budget implications. “Current Trends in Workforce Development” The research found:


While 57 percent of respondents say their organizations offer increased training as incentives to keep people within an organization, an overwhelming 82 percent indicate that most individuals leave their companies for another because of financial and career incentives such as higher salaries, bonuses and promotions.

However, Frank Downs, director of cybersecurity practices at ISACA, points out that such incentives are not necessarily what cybersecurity professionals need to advance in their careers. Business acumen is key.

“The most prized hire within a cybersecurity organization is a skilled professional, who not only understands the business operation and how cybersecurity fits into the greater needs of the organization, but also knows how to communicate well,” said Downs.

In the survey, 58 percent of respondents note that their organizations have unfilled cybersecurity positions. The results also show that there is a 6 percentage-point increase, year over year, of organizations languishing at least six months before they are able to fill open cybersecurity positions—increasing from 26 percent in 2017 to 32 percent in 2018.

Most respondents still expect an increase in cybersecurity budget, but not as much as in the previous year; 55 percent report they expect an increase in cybersecurity budgets, a decrease of nine points from last year’s 64 percent. When asked about funding, 60 percent of respondents indicate that they consider their cybersecurity budget to be underfunded, with nearly 20 percent believing that their budgets are significantly underfunded.