ISACA, a nonprofit organization that specializes in information security, assurance, risk management and governance, has unwrapped findings from its 2019 global State of Cybersecurity survey.
The report is split into two parts: One analyzes the survey findings regarding cybersecurity workforce development, staffing, retention, budget implications and gender diversity. The second part examines the survey results relating to cyberattacks, cybersecurity awareness training programs, and organizational cybersecurity and governance.
We’re going to cover the first part now and save the second for a follow on blog.
Here are the key findings related to the cybersecurity workforce:
- Technically proficient cybersecurity professionals continue to be in short supply and difficult to find. The greatest skill needed in the field is business acumen. Currently, the most prized hire in a cybersecurity team is a technically proficient individual who also understands business operations and how cybersecurity fits into the greater needs of the enterprise.
- Retaining cybersecurity professionals is exceptionally difficult. The current enticement of employer-paid training and certification aren’t ensuring retention. Cybersecurity personnel are leaving most often for greater pay, career advancement and perceived healthier work environments.
- Gender diversity programs may be declining. Less than half of the survey respondent enterprises have a gender diversity program.
- Cybersecurity budget increases are expected to slow slightly. Most survey respondents expect cybersecurity budgets to increase, but not as much as last year.
Here’s more detail:
On technically proficient cybersecurity pros.
- 58% of survey respondents report that their enterprises have unfilled cybersecurity positions. Last year it was one point higher.
- 62% of enterprises have to wait three to six months before filling open cybersecurity positions.
On unqualified applicants.
- Nearly 60% of survey respondents indicate that 50% or less of the applicants applying to open cybersecurity positions are qualified.
- 29% said that less than one quarter of applicants have sufficient qualifications to be considered for open cybersecurity positions.
On business acumen.
- 49% of respondents identify business acumen as the biggest skill gap.
- 34% report that the biggest skill gap is technical skills.
- 64% of survey respondents said their organization found it difficult to retail cybersecurity pros.
- Nearly 70% of respondents believe that their enterprise’s cybersecurity team is understaffed.
- 20% perceive their enterprise as significantly understaffed.
On gender diversity.
- 89% of respondents indicate that there are more men than women in cybersecurity roles within their enterprise.
- 15% said their entire cybersecurity group is comprised of men.
- 80% said that women in their organization are offered the same opportunities for career advancement as men.
On cybersecurity budgets.
- 55% of respondents report that they expect an increase in cybersecurity budgets for 2019, a nine point decrease from last year’s 64 percent.
“The cybersecurity workforce gap is becoming more pronounced as talent becomes more difficult to find,” the report concludes. “Although the statistics may prove disheartening to some, they actually present great opportunity for enterprises with initiative. Organizations that acknowledge the statistics shown in this research should be able to fill open positions quicker and retain their current talent.”
Data for the report was gleaned from surveys of some 1,576 ISACA members who hold ISACA’s Certified Information Security Manager and/or Cybersecurity Nexus Practitioner designations and individuals in information security positions. Of the 1,576 respondents, 1,020 indicated that their primary professional area of responsibility is cybersecurity.