The worldwide cyber-security skills gap continues to present a significant challenge, according to the IT association ISACA’s new cybersecurity workforce research. More than half, 59 percent of information security people report unfilled cyber or information security positions within their organisation.
Among the findings in part one of the ISACA State of Cybersecurity 2018 Report, released at the RSA Conference in San Francisco, four in five security people (81 percent) surveyed indicated that their enterprise is likely or very likely to experience a cyberattack this year. Half of respondents indicate that their organization has already experienced an increase in attacks over the previous 12 months.
Some 31 percent say their board has not adequately prioritised enterprise security.
Men tend to think women have equal career advancement in security, while women say that’s not the case. A 31-point perception gap exists between male and female respondents, with 82 percent of male respondents saying men and women are offered the same opportunities for career advancement in cybersecurity, compared to just 51 percent of female respondents. Of those surveyed, about half (51 percent) of respondents report having diversity programs in place to support women cybersecurity professionals.
Individual contributors with strong technical skills continue to be in high demand and short supply. More than seven in ten respondents say their organizations are seeking this kind of candidate. Time to fill open cybersecurity positions has decreased slightly. This year, 54 percent of respondents say filling open positions takes at least three months, compared to last year’s 62 percent.
Gender disparity exists but can be mitigated through diversity programmes, that clearly have an impact. In organisations that have one, men and women are much more likely to agree that men and women have the same career advancement opportunities. Eighty-seven percent of men say they have the same opportunities, as compared to 77 percent of women. While a perception gap remains, it is significantly smaller than the 37-point gap among men and women in organizations without diversity programs (73 percent of men in organizations without diversity programs say advancement opportunities are equal, compared to 36 percent of women).
Security managers are seeing a slight improvement in number of qualified candidates. Last year, 37 percent of security professionals said fewer than 25 percent of candidates for security positions were sufficiently qualified. This year, that number dropped to 30 percent. Budgets are increasing. Sixty-four percent of respondents indicate that security budgets will increase this year, compared to 50 percent last year.
ISACA CEO Matt Loeb, CGEIT, CAE said: “This research suggests that the persistent cybersecurity staffing problem is not a financial one. Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organizations critically need. More of those dollars will need to be invested in technical cybersecurity training, along with effective retention programs. Practitioners who acquire and demonstrate hands-on technical cybersecurity skills will find themselves in significant demand.”
To download a copy of part one, visit https://cybersecurity.isaca.org/state-of-cybersecurity. The second volume will cover evolving threat landscapes, including trends related to enterprise threats.
