
State of Cybersecurity Study: Security Budgets Increasing, But Qualified Cyber Talent Remains Hard to Find

Announcement posted by Established Media 19 Apr 2018

More than half of organisations surveyed report open cybersecurity positions and say it takes at least three months to fill them, according to ISACA’s new research
Sydney, Australia (19 April 2018) — The worldwide cybersecurity skills gap continues to present a significant challenge, with 59 per cent of information security professionals reporting unfilled cyber/information security positions within their organisation, according to ISACA’s new cybersecurity workforce research.
 
Among the concerning trends revealed in part 1 of the ISACA State of Cybersecurity 2018 Report, released today:
  • High likelihood of cyberattack continues. Four in five security professionals (81 per cent) surveyed indicated that their enterprise is likely or very likely to experience a cyberattack this year, while 50 per cent of respondents indicate that their organisation has already experienced an increase in attacks over the previous 12 months.
  • Nearly 1 in 3 organisations (31 per cent) say their board has not adequately prioritised enterprise security.
  • Men tend to think women have equal career advancement in security, while women say that’s not the case. A 31-point perception gap exists between male and female respondents, with 82 per cent of male respondents saying men and women are offered the same opportunities for career advancement in cybersecurity, compared to just 51 per cent of female respondents. Of those surveyed, about half (51 per cent) of respondents report having diversity programs in place to support women cybersecurity professionals.
  • Individual contributors with strong technical skills continue to be in high demand and short supply. More than 7 in 10 respondents say their organisations are seeking this kind of candidate.
 
 
Yet, there are several positive and promising insights in the ISACA data:
  • Time to fill open cybersecurity positions has decreased slightly. This year, 54 per cent of respondents say filling open positions takes at least three months, compared to last year’s 62 per cent.
  • Gender disparity exists but can be mitigated through effective diversity programs.  Diversity programs clearly have an impact. In organisations that have one, men and women are much more likely to agree that men and women have the same career advancement opportunities. Eighty-seven per cent of men say they have the same opportunities, as compared to 77 per cent of women. While a perception gap remains, it is significantly smaller than the 37-point gap among men and women in organisations without diversity programs (73 per cent of men in organisations without diversity programs say advancement opportunities are equal, compared to 36 per cent of women).
  • Security managers are seeing a slight improvement in number of qualified candidates. Last year, 37 per cent of security professionals said fewer than 25 per cent of candidates for security positions were sufficiently qualified. This year, that number dropped to 30 per cent.
  • Budgets are increasing. Sixty-four per cent of respondents indicate that security budgets will increase this year, compared to 50 per cent last year.
 
“This research suggests that the persistent cybersecurity staffing problem is not a financial one.  Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organisations critically need,” said ISACA CEO Matt Loeb, CGEIT, CAE. “More of those dollars will need to be invested in technical cybersecurity training, along with effective retention programs. Practitioners who acquire and demonstrate hands-on technical cybersecurity skills will find themselves in significant demand.”
 
 
Reducing Risk and Strengthening Cybersecurity
ISACA recommendations that can help enterprises address the skills gap and bolster security programs include:
 
  1. Develop a strong diversity program to improve recruitment, advancement and retention of qualified individuals.  
  2. Invest in the talent you have, to develop the skills you need. The skills organisations need are in short supply, so organisations will need to close the gap through training and retention programs.
  3. Implement objective, consistent and actionable reporting to the board about security concerns. If enterprises measure and track risk systemically and holistically, board prioritisation of security is likely to improve.
 
About the State of Cybersecurity Study
More than 2,300 cybersecurity professionals who hold ISACA’s Certified Information Security Manager (CISM) and/or Cybersecurity Nexus Practitioner™ (CSXP) designations and positions in information security participated in the online survey. The findings will be issued in three reports in 2018. To download a complimentary copy of part 1, visit https://cybersecurity.isaca.org/state-of-cybersecurity. The second volume of the State of Cyber Security study will shed light on evolving threat landscapes, including trends related to enterprise threats, defense mechanisms and more. The study is the latest research from ISACA’s Cybersecurity Nexus.
 
 
ISACA at RSA
ISACA leaders will participate in a panel on the findings of the latest workforce report, steps organisations need to take and how enterprises can evaluate their cyber readiness. Cybersecurity Capability Readiness: Necessary Conversations, Next Steps will take place on Thursday, 19 April, at 8 a.m. PST. Using ISACA data, panelists will discuss the conversations boards need to have around maturity and readiness, including evaluating people and processes, how to maximise security ROI, and ensuring cybersecurity measures are resilient to interruption and interference. ISACA experts will also be available at booth 200 throughout the conference.
 
 
###
About ISACA
Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.
 
Twitter: www.twitter.com/ISACANews 
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAHQ
Instagram: www.instagram.com/isacanews/
 
Contact:
Julie Fenwick, 0468 901 655, jfenwick@daylightagency.com.au
Harriet Hall, 0401 068 041, hhall@daylightagency.com.au