Companies are increasingly becoming victims of cyberattacks, while continuing to struggle with staff shortages, stress, and slow progress.
Research by ISACA among IT and cybersecurity experts, including European teams, shows that companies are experiencing many more cyberattacks than last year. In a report based on the research, ISACA lists the challenges companies face.
Stress and Insufficient Skills
Despite the rising number of cyber threats, only 38 percent of surveyed IT professionals are confident in their company’s ability to detect and counter them.
The increasing complexity of threats is also causing more stress among security professionals. 65 percent cite the changing threat landscape as a major stress factor. While there are slight improvements in staffing and budgets, these are not progressing quickly enough. 58 percent of respondents say their company is still understaffed, compared to 61 percent last year. Regarding budgets, 54 percent see a lack of security funding, compared to 58 percent last year.
Additionally, two out of three find their job more stressful than five years ago. They don’t receive enough internal professional guidance to cope with this stress. Nearly half (54%) link their stress to unrealistic expectations or excessive workload, 48 percent to poor work-life balance, and 36 percent to their teams lacking the right skills or not receiving training.
Finding the Right Personnel
Attracting and retaining talent remains a challenge as well. 52 percent of organizations struggle with staff retention. Entry-level positions prove particularly difficult to fill: 19 percent have open positions that require no experience or degree, but almost half (45%) take three to six months to fill such positions.
Despite the staff shortage, cybersecurity teams are increasingly taking on AI-related tasks. More than half (51%) have contributed to developing AI governance policies, compared to 36 percent last year. Additionally, 46 percent are actively involved in AI implementation. AI is primarily used for threat detection, endpoint security, and automating routine tasks. This indicates accelerated AI adoption and a need to comply with European security regulations such as the AI Act and NIS2. According to ISACA, there is a need for better recruitment processes and more efficient task distribution.