Companies around the world are struggling to hire and retain qualified cybersecurity talent as the skills gap continues to grow, according to ISACA's State of Cybersecurity 2022 report.
In a survey of more than 2,000 cybersecurity professionals worldwide, ISACA found that 63% of respondents have cybersecurity positions open, eight percentage points more than in 2021.
Another 62% reported understaffed cybersecurity teams, with one in five saying it took them more than six months to find qualified candidates to fill open positions.
ISACA previously found that 46% of organizations struggled to fill legal and compliance roles, and 55% technical privacy roles, as part of its Privacy in Practice 2022 report.
In its latest report – State of Cybersecurity 2022: Global Update on Cyber Workforce Efforts, Resources and Operations – ISACA noted that 60% of respondents also reported difficulty retaining qualified cybersecurity professionals, an increase from 7% in 2021.
The top reasons cybersecurity professionals left their jobs included being hired by other companies (59%), poor financial incentives in terms of salary or bonus (48%), limited opportunities for promotion and development (47%), high levels of work-related stress (45%) and lack of managerial support (34%).
Respondents indicated they were looking for a variety of skills in potential candidates, with the largest gaps seen in soft skills such as communication, problem solving, or leadership (54%), along with cloud computing (52%).
Cross-training of employees and the increased use of contractors and consultants were cited as the main ways companies were trying to mitigate these skills gaps.
The report also noted that while universities remain the top source of talent in the cybersecurity pipeline, with 52% of organizations requiring a degree to fill entry-level positions, their importance appears to be declining, as that percentage was 6% lower than in 2021.
However, it added that opinion remains divided on whether recent college graduates with a degree are well-prepared for the cybersecurity challenges businesses face.
“The big resignation is compounding longstanding hiring and retention challenges that the cybersecurity community has faced for years, and systemic changes are critical,” said Jonathan Brandt, director of professional practices and innovation for ISACA.
“Flexibility is key. From expanding searches to include candidates without traditional degrees, to providing support, training and flexible hours that attract and retain qualified talent, organizations can make progress in strengthening their teams and closing skills gaps.”
In terms of the threat landscape, 43% of respondents said their organization was experiencing a higher volume of cyberattacks than the same period last year, with the top three concerns being company reputation (79%), data breaches (70%) and supply chain disruption (54%).
Despite reported challenges, an all-time high of 82% still indicated they were confident in their cybersecurity team’s ability to detect and respond to cyber threats.
“This confidence is remarkable, considering that 46% of companies surveyed have a security staff of just two to 10 people,” the report said.
However, it further noted that despite some optimism, including expectations that budgets will increase over the next year, the cybersecurity skills shortage will not go away any time soon, and if anything, it appears to be getting worse.
“Given the ongoing vendor market for cyber security professionals, companies are encouraged to focus on competitive total benefits packages rather than competitive salaries alone. Salary expectations vary, but it is likely that many small and medium-sized companies simply cannot compete with larger companies on salary,” the report states.
“With budgets likely to continue to level off, companies may be constrained with regard to additional staff salaries and therefore should identify other ways to remain competitive in recruiting and retaining talent,” it said.