ISACA on cyber workforce

The Great Resignation is plaguing industries, but it’s especially challenging within in-demand fields like cyber security, an IT membership association suggests. According to ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations, businesses are struggling more than ever with hiring and retaining qualified cyber professionals and managing skills gaps.

The eighth annual survey draws on more than 2,000 cyber people, and examines staffing and skills, resources, threats and cyber security maturity.

Filling cybersecurity roles and retaining talent continues to be a challenge for many, the survey suggests. Some 63 percent of respondents indicate they have unfilled cybersecurity positions, up eight percentage points from 2021. Some 62 percent report that their cyber teams are under-staffed. One in five say it takes more than six months to find qualified cyber candidates for open positions. The factors hiring managers use to determine whether a candidate is qualified are prior hands-on cyber experience (73 percent), credentials (36 percent) and hands-on training (25 percent).

Some 60 percent of respondents report difficulties retaining qualified cyber professionals, up seven percentage points from 2021. The reasons that cyber professionals are leaving their jobs include:

Recruited by other companies (59 percent)
Poor financial incentives in terms of salary or bonus (48 percent)
Limited promotion and development opportunities (47 percent)
High work stress levels (45 percent)
Lack of management support (34 percent)

A discussion of these findings in a free webinar is on March 31, at 12:00 PM EDT (4 PM UTC). To register, visit The State of Cybersecurity 2022 survey report can be accessed at

Respondents indicate they are looking for a range of skills in candidates, noting the top skills gaps they see are ‘soft’ skills (54 percent), cloud computing (52 percent) — a new response option for this question — and security controls (34 percent). Soft skills also top the list of skills gaps among recent graduates, at 66 percent. Among the top soft skills deemed important are communication (57 percent), critical thinking (56 percent) and problem solving (49 percent).

To address these skills gaps, respondents point to cross training of employees (up two percentage points from last year) and more use of contractors and consultants (up five percentage points from the year before). A smaller percentage of respondents, 52 percent, indicate that their enterprises require university degrees, a six-percentage-point decrease from last year.

Jonathan Brandt, ISACA Director, Professional Practices and Innovation, says: “The Great Resignation is compounding the long-standing hiring and retention challenges the cybersecurity community has been facing for years, and systemic changes are critical. Flexibility is key. From broadening searches to include candidates without traditional degrees to providing support, training and flexible schedules that attract and retain qualified talent, organisations can move the needle in strengthening their teams and closing skills gaps.”

43 percent of respondents indicate that their organisation is experiencing more cyberattacks, an eight-percentage-point increase from last year.

Asked about their main concerns related to cyber attacks, respondents put enterprise reputation (79 percent), data breach concerns (70 percent) and supply chain disruptions (54 percent) top of mind. While ransomware attacks top the headlines, the survey found that ransomware attacks have remained virtually unchanged from last year, at 10 percent. Other top types of cyberattacks experienced in the past year include:

Social engineering (13 percent)
Advanced persistent threat (12 percent)
Security misconfiguration (10 percent)
Ransomware (10 percent)
Unpatched system (9 percent)
Denial of service (9 percent)

Despite the threats, most respondents (82 percent, an all-time high and a five-percentage-point increase from last year) say they are confident in their cyber team’s ability to detect and respond to threats.


Nick Lowe, VP EMEA at cyber firm Tufin, described the skills shortage, plus the increasing complexity of corporate networks, as a watershed moment for the security industry. He said security teams must find ways to manage policies across distributed networks that save time and resources.

“The report surveyed more than 2,000 cyber security professionals globally, and 62pc of the companies surveyed reported understaffed cyber security teams, with one in five companies taking six months to find qualified candidates to fill open positions.

“To mitigate against this widespread shortage, businesses must lean heavily on automation – which frees up valuable time and resources, enabling businesses to get back on top of their security operations. Without automation, businesses are effectively ‘flying blind’ – as well as acting as a buffer against the current skills shortage, automation is the safety net businesses need to gain visibility – ensuring security policies are optimised and compliant.”

