San Francisco, CA, USA — Nearly 70 percent believe their cybersecurity teams are understaffed
Organizations are struggling to keep their cybersecurity workforce staffed as competitors increasingly pick off employees who are enticed by higher pay and bonuses, according to ISACA’s new cybersecurity workforce research.
The short supply of qualified cybersecurity professionals has led to unfilled positions and a widening work skills gap. A whopping 69 percent of respondents say their cybersecurity teams are understaffed.
Part 1 of ISACA’s State of Cybersecurity 2019 report analyzes the trends of cybersecurity hiring, retention, gender diversity and budget implications. “Current Trends in Workforce Development” was released today at the RSA Conference in San Francisco. The research found:
- Cybersecurity professionals are still in short supply and hard to find, particularly for roles that require technical proficiency.
- Retaining cybersecurity professionals is exceptionally difficult, even when enticements such as training and certification are provided.
- Gender diversity programs are declining and perceived as less effective than in the past.
- Cybersecurity budget increases are expected to slow slightly.
“We’re in a highly fluid environment where organizations are increasingly challenged by competitive forces,” said Rob Clyde, CISM, board chair of ISACA. “Creative and competitive retention efforts are more important than ever in the current environment, and organizations should make it a priority to identify ways to boost their cybersecurity teams.”
ISACA will be offering perspective on this in its panel on building and keeping cybersecurity teams with non-traditional staff at the RSA Conference on 6 March.
While 57 percent of respondents say their organizations offer increased training as incentives to keep people within an organization, an overwhelming 82 percent indicate that most individuals leave their companies for another because of financial and career incentives such as higher salaries, bonuses and promotions.
However, Frank Downs, director of cybersecurity practices at ISACA, points out that such incentives are not necessarily what cybersecurity professionals need to advance in their careers. Business acumen is key.
“The most prized hire within a cybersecurity organization is a skilled professional, who not only understands the business operation and how cybersecurity fits into the greater needs of the organization, but also knows how to communicate well,” said Downs.
In the survey, 58 percent of respondents note that their organizations have unfilled cybersecurity positions. The results also show that there is a 6 percentage-point increase, year over year, of organizations languishing at least six months before they are able to fill open cybersecurity positions—increasing from 26 percent in 2017 to 32 percent in 2018.
Gender Diversity Programs in Decline
Only 45 percent of the survey’s female respondents believe that both men and women have equal opportunity for career advancement. This represents a downward trend from 51 percent the previous year. The survey also finds that less than half of cybersecurity organizations have a gender diversity program, and the perception of their effectiveness, when compared to previous years, is declining.
“Attempts to diversify the workforce and create gender inclusion are either not happening enough or are failing to meet employee expectations,” said Clyde. “Respondents do not believe their organizations prioritize increasing the number of women in cybersecurity roles or advancing them within the organization.”
Cybersecurity Budget Increases Are Expected to Slow
Most respondents still expect an increase in cybersecurity budget, but not as much as in the previous year; 55 percent report they expect an increase in cybersecurity budgets, a decrease of nine points from last year’s 64 percent. When asked about funding, 60 percent of respondents indicate that they consider their cybersecurity budget to be underfunded, with nearly 20 percent believing that their budgets are significantly underfunded.
State of Cybersecurity 2019 is a free download at https://cybersecurity.isaca.org/state-of-cybersecurity. The report is the latest research from ISACA’s Cybersecurity Nexus, which offers credentials, training, guidance and research for security professionals.