New Study Finds More than 60% of Organizations Under Report Cyberattacks

ISACA Report Highlights Crucial Insights for Cybersecurity Professionals

In its annual research report, "State of Cybersecurity 2023: Global Update on Workforce Efforts, Resources, and Cyberoperations," sponsored by Adobe, the Information Systems Audit and Control Association (ISACA) delivers essential insights for cybersecurity professionals. Drawing from the input of approximately 2,000 security leaders worldwide, the report delves into the ever-evolving landscape of cybersecurity, addressing workforce challenges, opportunities, and financial considerations.

Understaffing and Skills Gap:

• An alarming 59% of cybersecurity teams find themselves understaffed, highlighting the growing demand for skilled professionals in the field.
• While 50% of respondents report job openings for non-entry level roles, only 21% have job openings for entry-level positions.
• The challenge of retaining qualified cybersecurity professionals persists, with 56% of leaders facing this issue, though this marks a slight improvement from the previous year.

Top Technical Skills in Demand:

Employers are increasingly seeking expertise in various technical domains, with the top five skills being:

1. Identity and access management (49%)
2. Cloud computing (48%)
3. Data protection (44%)
4. Incident response (44%)
5. DevSecOps (36%)

Emphasis on Soft Skills:

• Soft skills hold significant importance, with communication (58%), critical thinking (54%), problem-solving (49%), teamwork (45%), and attention to detail (36%) being the top five qualities sought after in cybersecurity candidates.
• In contrast, empathy (13%) and honesty (17%) rank lower in terms of importance.
• Survey respondents indicate skill gaps in soft skills (55%), cloud computing (47%), security controls (35%), coding skills (30%), and software development-related topics (30%).

Mitigating Technical Skill Gaps:

Organizations are addressing technical skill gaps through various methods, including:

• Training non-security staff interested in transitioning into security roles (45%)
• Increased utilization of contract employees or external consultants (38%)
• Expanded use of reskilling programs (21%)

Soft Skills Development:

To bridge soft skills gaps, organizations are leveraging resources such as online learning websites (53%), mentoring programs (46%), corporate training events (42%), and academic tuition reimbursement (20%).

Jon Brandt, ISACA's Professional Practices and Innovation Director, emphasizes the significance of addressing soft skills gaps in the cybersecurity field, advocating for a collaborative approach involving hands-on training, mentorship, and diverse learning pathways.

Cybersecurity Threat Landscape:

• A significant 62% of respondents believe that organizations tend to underreport cybercrime incidents.
• Nearly half (48%) note an increase in cyberattacks compared to the previous year.
• Confidence in cybersecurity teams' ability to detect and respond to cyber threats is expressed by 42% of respondents.

Primary Attack Concerns:

• Enterprise reputation (79%), data breaches (69%), and supply chain disruptions (55%) are the top three concerns among cybersecurity professionals.
• The predominant type of cyberattack experienced is social engineering (15%), followed by advanced persistent threats (11%) and ransomware (10%).

Future Outlook:

• A strong 78% of survey participants anticipate an increased demand for technical cybersecurity contributors in the coming year.
• Nearly half (48%) expect a surge in demand for cybersecurity managers.
• More than half (51%) anticipate an increase, to some extent, in cybersecurity budgets in the upcoming year.

The ISACA report underscores the evolving dynamics of the cybersecurity field and the critical importance of addressing both technical and soft skills to navigate the ever-changing landscape effectively.