Even though cybercrime is a top concern for many executives and the cybersecurity field is maturing, businesses are struggling to fully staff cybersecurity teams for several reasons, including the short supply of qualified cybersecurity professionals, employee retention issues, a decline in gender diversity programs and the slowing of cybersecurity budget increases.
Nearly 70 percent of enterprises (businesses with at least 1,500 employees) are operating with understaffed cybersecurity teams, according to a recently released report by Information Systems Audit and Control Association (ISACA), which surveyed nearly 1,580 individuals in numerous sectors — including technology services, finance, government, and manufacturing — in November 2018.
“While most senior leaders are already sensitive to these issues, the report should kindle a sense of urgency to address them,” said Gregory J. Touhill, a member of ISACA’s board of directors, in a blog post on the association’s report.
Cybersecurity professionals continue to be in short supply
Many enterprises are having a difficult time filling available cybersecurity staff positions. Fifty-eight percent of survey respondents said their organizations currently have unfilled cybersecurity positions. One of the reasons why organizations can’t fill cybersecurity roles is the shortage of qualified talent. Nearly 60 percent of survey respondents indicated the following: Only 50 percent or less of the applicants applying to open cybersecurity positions are qualified.
Despite the challenges enterprises are facing when building cybersecurity teams, enterprises aren’t having a difficult time filling leadership vacancies. Seventy-two percent of survey respondents said their enterprises currently have no available cybersecurity executive position openings.
Enterprises are having employee retention issues
With cybersecurity professionals in short supply, it’s no surprise 65 percent of enterprises are having issues with retaining these employees, according to the results of ISACA’s survey. There are three top reasons why cybersecurity professionals are leaving their jobs for new opportunities: better financial incentives (82 percent), promotion and development opportunities (57 percent), and improved work culture and environment (48 percent).
To prevent employees from leaving, enterprises are doing what they can to provide employees more. For example, 57 percent of organizations are offering increased training as an incentive to keep cybersecurity professionals within their organizations, which is mutually beneficial to both parties, according to the report. Other businesses are shifting the staffing burden to an outside security firm.
Gender diversity programs are declining
The cybersecurity field is still dominated by men. Nearly percent of survey respondents indicated the following: There are more men than women in cybersecurity roles within their enterprises.
When it comes to enterprises offering advancement opportunities in cybersecurity, an overwhelming majority of respondents (80 percent) indicated opportunity is equally distributed, but that doesn’t necessarily mean both men and women agree on the issue. Only 45 percent of the survey’s female respondents believe both men and women have equal opportunity for career advancement in the cybersecurity field. Last year, 51 percent of the survey’s female respondents felt the same way.
Cybersecurity budget increases are slowing
Are cybersecurity budgets expected to increase this year? Yes, but, compared to the year prior, fewer organizations are projecting increases to their cybersecurity budgets. Fifty-five percent of the survey’s respondents expect an increase in cybersecurity budgets this year, a decrease of nearly 10 percent from last year’s 64 percent — even though 60 percent believe their budgets are underfunded. It does get worse, however: Nearly 20 percent believe their budgets are “significantly underfunded.”
“I submit that traditional methods of addressing these issues are inadequate to remedy the situation, and we need to look to other leadership approaches to fill the gaps,” Touhill said.