ISACA’s State of Cybersecurity 2019 Survey: Retaining Qualified Cybersecurity Professionals Increasingly Challenging for Organisations

0

Nearly 70 per cent believe their cybersecurity teams are understaffed

Organisations are struggling to keep their cybersecurity workforce fully staffed as competitors increasingly pick off employees who are enticed by higher pay and bonuses, according to ISACA’s new cybersecurity workforce research.

The short supply of qualified cybersecurity professionals has led to unfilled positions and a widening work skills gap. A whopping 69 per cent of respondents say their cybersecurity teams are understaffed.

Part 1 of ISACA’s State of Cybersecurity 2019 report analyses the trends of cybersecurity hiring, retention, gender diversity and budget implications. “Current Trends in Workforce Development” released today at the RSA Conference in San Francisco. The research found:

  • Cybersecurity professionals are still in short supply and hard to find, particularly for roles that require technical proficiency.
  • Retaining cybersecurity professionals is exceptionally difficult, even when enticements such as training and certification are provided.
  • Gender diversity programs are declining and perceived as less effective than in the past.
  • Cybersecurity budget increases are expected to slow slightly.

“We’re in a highly fluid environment where organisations are increasingly challenged by competitive forces,” said Rob Clyde, CISM, board chair of ISACA. “Creative and competitive retention efforts are more important than ever in the current environment, and organisations should make it a priority to identify ways to boost their cybersecurity teams.”

While 57 per cent of respondents say their organisations offer increased training as incentives to keep people within an organisation, an overwhelming 82 per cent indicate that most individuals leave their companies for another because of financial and career incentives, such as higher salaries, bonuses and promotions.

However, Frank Downs, director of cybersecurity practices at ISACA, points out that such incentives are not necessarily what cybersecurity professionals need to advance in their careers. Business acumen is key.

“The most prized hire within a cybersecurity organisation is a skilled professional, who not only understands the business operation and how cybersecurity fits into the greater needs of the organisation, but also knows how to communicate well,” said Downs.

In the survey, 58 per cent of respondents note that their organisations have unfilled cybersecurity positions. The results also show that there is a 6 percentage-point increase, year over year, of organisations languishing at least six months before they are able to fill open cybersecurity positions—increasing from 26 per cent in 2017 to 32 per cent in 2018.

Gender Diversity Programs in Decline

Only 45 per cent of the survey’s female respondents believe that both men and women have equal opportunity for career advancement. This represents a downward trend from 51 per cent the previous year. The survey also finds that less than half of cybersecurity organisations have a gender diversity program, and the perception of their effectiveness, when compared to previous years, is declining.

“Attempts to diversify the workforce and create gender inclusion are either not happening enough or are failing to meet employee expectations,” said Clyde. “Respondents do not believe their organisations prioritise increasing the number of women in cybersecurity roles or advancing them within the organisation.”

“Organisations need to communicate a clear career path for all cybersecurity staff in order to retain staff and tackle ongoing threats to the enterprise,” said Jo Stewart-Rattray, Global Lead for ISACA’s SheLeadsTech advocacy program. “But this is especially important for women, who can feel isolated being the only female in the room, if we are going to close the gender diversity gap.”

“Providing role models and mentors both within and outside an organisation greatly increases the chance for women to remain in the profession and move into leadership roles,” adds Stewart-Rattray. “Organisations also need to provide flexible working opportunities.”

Cybersecurity Budget Increases Are Expected to Slow

Most respondents still expect an increase in cybersecurity budget, but not as much as in the previous year; 55 per cent report they expect an increase in cybersecurity budgets, a decrease of nine points from last year’s 64 per cent. When asked about funding, 60 per cent of respondents indicate that they consider their cybersecurity budget to be underfunded, with nearly 20 per cent believing that their budgets are significantly underfunded.

State of Cybersecurity 2019 can be downloaded free at https://www.mysecuritymarketplace.com/product/state-of-cybersecurity-2019/. The report is the latest research from ISACA’s Cybersecurity Nexus, which offers credentials, training, guidance and research for security professionals.

About the State of Cybersecurity Study
More than 1,500 cybersecurity professionals who hold ISACA’s Certified Information Security Manager (CISM) and/or CSX Cybersecurity Practitioner (CSXP) designations and positions in information in security participated in the online survey. The findings will be issued in two white papers in 2019. To see the first white paper, visit https://cybersecurity.isaca.org/state-of-cybersecurity.

About ISACA
Now in its 50th anniversary year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 460,000 engaged professionals—including its 140,000 members—in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.

Twitter: https://twitter.com/ISACANews
LinkedIn: https://www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAHQ
Instagram: https://www.instagram.com/isacanews

Share.