Cybersecurity teams are under strain, as 61% of European cybersecurity
professionals say that their organisation's cybersecurity team is
understaffed, and over half (52%) believe that their organisation's
cybersecurity budget is underfunded. That's according to new research
from
ISACA.
Staff and funding struggles are having an impact on wellbeing as 68%
feel that their role is more stressful now compared to five years ago,
with 79% putting this down to the increasingly complex threat landscape.
Two in five (41%) of respondents say they are experiencing more
cyberattacks when compared to a year ago, and 29% think they are
experiencing the same amount.
But respondents don't feel the number of attacks will be slowing down
any time soon. Over half (58%) state it is likely their organisation
will experience a cyberattack in the next year. This has increased by 6
percentage points (52%) compared to 2023 so there needs to be more
investment in the right staff and skills to prepare and respond to these
attacks to limit long term damage.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: "In
an increasingly complex threat landscape, it is vital that, as an
industry, we overcome these hurdles of underfunding and under-staffed
teams. Without strong, skilled teams, the security resilience of whole
ecosystems is at risk - leaving critical infrastructure vulnerable."
Despite the need for skilled teams to protect businesses, 19% say that
their organisation has unfilled and open entry-level positions
available, and 48% have unfilled open positions which require
experience, a university degree, or other credentials. These figures
have dropped only a few percentage points (from 22% and 53%) since 2023,
pointing to an ongoing struggle to fill open positions.
52% of respondents say that soft skills are lacking the most amongst
today's cybersecurity professionals. Of the soft skills in question, 54%
feel that communication skills (e.g. speaking and listening skills) are
most important, followed by problem-solving (53%) and critical thinking
(48%).
Dimitriadis added: "The cybersecurity industry will massively benefit
from a diverse range of people - each with different skills,
experiences, and perspectives. This is the key to plugging the skills
gap. Once talent enters the industry, businesses can then train and
upskill new entrants on the job with cyber certifications and
qualifications."
Mike Mellor, Vice President, Security Engineering at Adobe, who sponsored the research, said: "With
the increasing frequency and sophistication of cyberattacks, it's
essential for organisations to adopt secure authentication methods to
strengthen their defences. Adobe believes that fostering a deep security
culture among all employees through anti-phishing training, combined
with stronger controls such as zero-trust networks protected by
phishing-resistant authentication are essential in safeguarding any
organisation."