Over half (52%) of cybersecurity professionals are experiencing an increase in cyber-attacks compared to a year ago, according to new research from ISACA.
The professional association also found that companies are failing to assess cyber risk regularly: fewer than one in ten (8%) organizations complete cyber risk assessments monthly, while two in five (40%) conduct them annually.
This lack of assessment leaves organizations vulnerable to attacks and increases the risk of breaches going undetected for prolonged periods, according to ISACA.
Cybersecurity Skills Shortage Leaves Businesses Vulnerable
A lack of human resources is contributing to businesses not measuring and testing their cyber defenses regularly. Globally, there is an estimated workforce shortfall of 3.4 million, according to ISC2 figures.
ISACA found that 62% of respondents report that their cybersecurity team is understaffed.
Of those organizations with unfilled roles in cybersecurity, 39% are looking to fill entry-level positions that do not require experience, a university degree, or credentials. Typically, 44% of organizations state that they require a university degree to fill entry-level cybersecurity positions when they have such positions open.
“Our findings show that businesses are still struggling to find the right people with the right skills to manage cybersecurity,” said Chris Dimitriadis, global chief strategy officer at ISACA.
“With cyber-attacks on the rise, if we do not solve these challenges and address the gaps, businesses, ecosystems of supply chains and public sector bodies could be at threat from a lack of vital protection, detection, response and recovery. Businesses do not exist in isolation from their customers or the other organizations within their network, and a cyber-attack on one part of the ecosystem can have consequences for everyone else. This is why holistic training is needed towards creating a safer world.”
Four Steps to Tackle the Cyber Skills Gap
- Upskill non-security staff
- Increase the use of contractors and external consultants
- Adopt reskilling programs
Cybersecurity professionals believe that hands-on experience in a cybersecurity role (97%), credentials held (88%), and completion of hands-on cybersecurity training courses (83%) are very or somewhat important when determining if a cybersecurity candidate is qualified.
All figures are based on fieldwork conducted by ISACA between May 13 and June 1, 2023, amongst a total of 556 respondents in Europe.