Cybersecurity professionals need to fortify their soft skills, polish their cloud computing knowledge and bone up on security controls, the Information Systems Audit and Control Association (ISACA) said in its annual research report.ISACA’s report, entitled State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations, is sponsored by Adobe. The research covers the cybersecurity threat landscape, hiring challenges and opportunities, and budgets, based on input from some 2,000 security leaders worldwide.59% of cybersecurity teams are understaffed. 50% of respondents said their organizations have job openings for non-entry level roles, compared to 21% with job openings for entry level positions. 56% of cybersecurity leaders have difficulty retaining qualified cybersecurity professionals, down four points from last year. On the top five technical skills employers seek:Identity and access management (49%) Cloud computing (48%) Data protection (44%) Incident response (44%) DevSecOps (36%) On soft skills:Communication (58%), critical thinking (54%), problem-solving (49%), teamwork (45%) and attention to detail (36%) are the top five skills employers are seeking in cybersecurity job candidates. The skills of empathy (13%) and honesty (17%) came in lower in importance. Cybersecurity professionals are lacking in soft skills (55%), cloud computing (47%), security controls (35%), coding skills (30%) and software development-related topics (30%) as being the biggest skills gaps they see today. On mitigating technical skill gaps:Training non-security staff interested in moving into security roles (45%) Increasing usage of contract employees or outside consultants (38%) Increasing use of reskilling programs (21%) 62% of respondents believe organizations under report cybercrime. Nearly 48% indicate that their organization is experiencing more cyberattacks from a year ago. 42% have a high degree of confidence in their cybersecurity team’s ability to detect and respond to cyber threats. On the top three attack concerns:Enterprise reputation (79%), data breach concerns (69%) and supply chain disruptions (55%). Respondents also indicated that social engineering (15 percent) remains the main type of cyberattack they experience, an increase of two percentage points. This is followed by:Advanced persistent threats (11%) Ransomware (10%) Security misconfiguration (10%) Unpatched system (10%) Denial of service (9%) Sensitive data exposure (9%) On the future:78% of survey respondents said demand for technical cybersecurity individual contributors will increase in the next year. Nearly half (48%) expect an increased demand for cybersecurity managers. More than half (51%) believe that cybersecurity budgets will at least somewhat increase as well next year.