
ISACA Study: 59% of Orgs Have Unfilled Cybersecurity, InfoSec Positions


A worldwide cybersecurity skills gap presents a significant challenge for many organizations, which is reflected in a study of more than 2,300 cybersecurity and information security professionals conducted by ISACA.

Key findings from part one of ISACA's "State of Cybersecurity 2018 Report" included:

  • 81 percent of study respondents said it is "likely" or "very likely" their organization will experience a cyberattack this year, and 50 percent noted their organization experienced an increase in the number of cyberattacks last year.
  • 59 percent stated their organization has unfilled cybersecurity or information security positions.
  • 54 percent said filling open cybersecurity and information security positions takes at least three months.

In addition, the top two gaps in today's security professionals were an inability to understand a business' needs (39 percent) and technical skills (33 percent), the study indicated.

Amid that talent shortage, many businesses are realizing that the wise path forward likely requires MSSP partnerships and/or outsourced cybersecurity services, MSSP Alert believes.

Is There a Gender Disparity Among Cybersecurity Pros?

Eighty-two percent of male respondents said men and women are offered the same opportunities for career advancement in cybersecurity, compared to 51 percent of female respondents, according to the ISACA study.

Meanwhile, 51 percent of respondents noted their organization has a diversity program in place to support women cybersecurity professionals, ISACA pointed out. In organizations where a diversity program is in place, 87 percent of men and 77 percent of women indicated both men and women are offered the same opportunities.

Cybersecurity, Information Security Spending on the Rise

Sixty-four percent of cybersecurity and information security professionals said their security budgets will increase this year, compared to 50 percent in 2017 and 61 percent in 2016, the ISACA study indicated.

Furthermore, 84 percent of study respondents said their organization has aligned its security strategy with its day-to-day objectives, ISACA stated. Sixty-nine percent also noted their organization's board of directors has adequately prioritized cybersecurity and information security.

Tips to Reduce Risk and Strengthen Cybersecurity

ISACA offered the following recommendations to help organizations minimize risk and improve their cybersecurity programs:

  • Promote diversity. Develop a strong diversity program to drive cybersecurity and information security recruitment, advancement and retention of qualified individuals.
  • Invest in talent. Create programs designed to attract and retain top cybersecurity and information security talent.
  • Use reports. Implement objective, consistent and actionable reporting; if organizations measure and track risk systemically and holistically, board prioritization of security likely will improve.

MSSPs also can help organizations overcome the global shortage of cybersecurity and information security talent. These service providers can deliver a wide range of security services, enabling organizations to quickly identify and address cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.