Lack of cybersecurity staff affects over 70 percent of organizations

The cybersecurity skills crisis has impacted 71 percent of organizations and left two-thirds of cybersecurity professionals saying that the job itself has become more difficult over the past two years.

New research carried out by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) finds 66 percent of respondents believe that working as a cybersecurity professional has become more difficult over the past two years, with close to a third (27 percent) stating that it is much more difficult.

Most (81 percent) respondents cite an increase in cybersecurity complexity and workload as the reason their careers are more difficult now. While 59 percent point to the increase in cyberattacks due to an expanding attack surface and 46 percent say that their cybersecurity team is understaffed. 43 percent agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Eight percent have experienced one or more disruptive security events at their organization that have made their work more difficult.

With this level of workload and stress it's not surprising that less than half of security pros are very satisfied with their current jobs, and 50 percent claim it's very likely, likely, or somewhat likely they will leave their current job this year.

When asked how their organizations could improve their overall cybersecurity programs the top responses include increasing cybersecurity training for IT and security professionals, striving to improve the organization's cybersecurity culture, hiring more staff, increasing the cybersecurity budget, and improving basic security hygiene and posture management.

"For a majority of organizations, cybersecurity continues to be treated as a cost center or compliance mandate versus a business enabler or growth driver," says Candy Alexander, board president at ISSA International. "Cybersecurity professionals are charged with protecting the organization while being overworked, overstressed, and understaffed. There was a point in time where organizations could get away with doing 'good enough security,' but those days are gone. Relentless, AI-fueled cyberattacks and expanding attack surfaces are a sampling of new problems that are going to overwhelm and overrun underinvested cybersecurity programs. Executive management needs to recognize that their business goals are only possible if cybersecurity successfully enables their business to operate in today’s threat environment day after day."

The full report is available from the ISSA site.

Image Credit: Africa Studio / Shutterstock