Isaca: ‘Security experts are under stress’

stress

New research by Isaca shows that cybersecurity teams cannot keep up with the growing number of cyber attacks. Shortage of people and budget play a major role in this.

For its annual State of Cybersecurity report, Isaca keeps its finger on the pulse of security experts worldwide. 1,868 respondents filled out this year’s questionnaire. Life for security teams has not gotten any easier over the past 12 months, the survey shows. Two in three respondents (68%) say their jobs are more stressful than they were five years ago.

read also

Made in Belgium: quality label for security?

The complex security landscape is the main reason for this. 41 percent say they face more cyber attacks. 58 percent expect to face an attack this year, which is six percentage points more than last year.

Understaffed, underfunded

To be prepared for the wave of attacks, adequate investments in personnel and skills are needed. That’s another area where security experts wring their hands. Six in 10 respondents (61%) feel the security team is understaffed. A good half feel the budget for IT security is inadequate. Isaca finds no correlation between staffing levels and the use of AI within security teams.

There are fewer open positions than a year ago, but vacancies are far from getting filled. 19 percent of organizations have open entry-level job openings, down only slightly from 2023 (22 percent). The number of companies with open non-entry-level job openings is also falling slightly, from 53 percent to 48 percent. Good news for employers is that employees are choosing security and are less likely to change jobs.

The challenging economic climate is making itself felt in other ways. Many employers are being more frugal in providing training for staff. Security experts are primarily experiencing a shortage of soft-skills within their teams with communication skills up front (54%), followed narrowly by problem-solving (53%) and critical thinking (48%).

“In an increasingly complex threat landscape, it is vital that we as an industry overcome these obstacles of underfunding and understaffed teams. Without strong, skilled teams, the security resilience of entire ecosystems is at risk, leaving critical infrastructure vulnerable,” said Chris Dimitriadis, Chief Global Strategy Officer at Isaca.