Cybersecurity professionals need to fortify their soft skills, polish their cloud computing knowledge and bone up on security controls, the Information Systems Audit and Control Association (ISACA) said in its annual research report.
ISACA’s report, entitled State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations, is sponsored by Adobe. The research covers the cybersecurity threat landscape, hiring challenges and opportunities, and budgets, based on input from some 2,000 security leaders worldwide.
59% of Cyber Teams Understaffed
Here are some of the findings:
On staffing and skills:
- 59% of cybersecurity teams are understaffed.
- 50% of respondents said their organizations have job openings for non-entry-level roles, compared to 21% with job openings for entry-level positions.
- 56% of cybersecurity leaders have difficulty retaining qualified cybersecurity professionals, down four points from last year.
On the top five technical skills employers seek:
- Identity and access management (49%)
- Cloud computing (48%)
- Data protection (44%)
- Incident response (44%)
- DevSecOps (36%)
On soft skills:
- Communication (58%), critical thinking (54%), problem-solving (49%), teamwork (45%) and attention to detail (36%) are the top five skills employers are seeking in cybersecurity job candidates.
- The skills of empathy (13%) and honesty (17%) came in lower in importance.
- Respondents cited soft skills (55%), cloud computing (47%), security controls (35%), coding skills (30%) and software development-related topics (30%) as the biggest skills gaps they see among cybersecurity professionals today.
On mitigating technical skill gaps:
- Training non-security staff interested in moving into security roles (45%)
- Increasing usage of contract employees or outside consultants (38%)
- Increasing use of reskilling programs (21%)
Lack of Soft Skills Concerning to Cyber Pros
Organizations are leveraging online learning websites (53%), mentoring (46%), corporate training events (42%) and academic tuition reimbursement (20%), the study found.
“The soft skills gaps we see among cybersecurity professionals are part of a concerning systemic issue that our industry needs to take seriously,” says Jon Brandt, ISACA professional practices and innovation director. “While there is no simple solution, addressing these needs with a collaborative approach that goes beyond traditional academia to involve hands-on training, mentorship, and other learning pathways can make an impact not only on individual skill sets and enterprise security outcomes, but also on the integrity of the profession as a whole.”
On the cybersecurity threat landscape:
- 62% of respondents believe organizations underreport cybercrime. Nearly 48% indicate that their organization is experiencing more cyberattacks than a year ago.
- 42% have a high degree of confidence in their cybersecurity team’s ability to detect and respond to cyber threats.
On the top three attack concerns:
- Enterprise reputation (79%), data breach concerns (69%) and supply chain disruptions (55%). Respondents also indicated that social engineering (15%) remains the main type of cyberattack they experience, an increase of two percentage points.
This is followed by:
- Advanced persistent threats (11%)
- Ransomware (10%)
- Security misconfiguration (10%)
- Unpatched system (10%)
- Denial of service (9%)
- Sensitive data exposure (9%)
On the future:
- 78% of survey respondents said demand for technical cybersecurity individual contributors will increase in the next year.
- Nearly half (48%) expect an increased demand for cybersecurity managers.
- More than half (51%) believe that cybersecurity budgets will also increase at least somewhat next year.