According to a study of the Information Systems Audit and Control Association (ISACA), nearly two-thirds (62%) of cybersecurity teams are understaffed, and 63% have unfilled vacancies.
The report highlighted organizations’ ongoing struggles to hire and retain skilled cybersecurity professionals.
A fifth of the respondents admitted that it takes more than six months to find qualified cybersecurity candidates for open positions. The top three factors used to determine whether a candidate is qualified are hands-on cybersecurity experiences (73%), credentials (36%) and hands-on training (25%)
60% of the respondents admitted facing difficulties in retaining cybersecurity staffs, representing a rise of 7% from ISACA’s 2021 report. A range of factors was cited for cybersecurity professionals leaving their roles, the most prominent of which was being recruited by other companies (59%), poor financial incentives in terms of salary or bonus (48%), limited promotion and development opportunities (47%), high work stress levels (45%) and lack of management support (34%).
Interestingly, soft skills (54%) was cited as the top missing skill type in cybersecurity teams, followed by cloud computing (54%) and security controls (34%). According to the respondents, the most important soft skills are communication (57%), critical thinking (56%) and problem-solving (49%).
Organizations’ primary methods to mitigate their cyber skills gaps are cross-training of employees (up 2%) and increased use of contractors and consultants (up 5%).
Additionally, there was a 6% decline (52%) in enterprises that require their cybersecurity staffs to have university degrees, indicating an increasing number of enterprises are widening their search for candidates to a broader range of backgrounds and experiences.
The study also found a significant 8% rise (43%) in organizations that are experiencing more cyber-attacks compared to 2021*. The most common attacks listed by respondents were social engineering (13%), advanced persistent threats (12%), security misconfiguration (10%), ransomware (10%), unpatched systems (9%) and denial of service (9%).
Encouragingly, there was a 5% rise (42%) in the number of respondents who said their cybersecurity budgets are appropriately funded, with 55% expecting budget increases. Additionally, 82% expressed confidence in their cybersecurity team’s ability to detect and respond to attacks.
Based on the figures mentioned above, we clearly see that there is a lack of cybersecurity professionals globally and Mauritius suffer from this shortage of skill as well.
Does your company have a fully operational cybersecurity team? If not, you can contact us for assistance.