The State of Cybersecurity: Cyber Skills Gap Leaves Business Vulnerable to Attacks, New Research Reveals

LONDON--(BUSINESS WIRE)--ISACA, the leading global professional association helping individuals and organisations in their pursuit of digital trust, today launches new research looking at the state of cybersecurity. The research finds that of the cybersecurity professionals who said they were experiencing an increase or decrease in cybersecurity attacks as compared to a year ago, over half (52%) say they are experiencing more cyberattacks.

The State of Cybersecurity: #cyber skills gap leaves business vulnerable to attacks, new research reveals

Share

Though businesses recognise the increased threat, less than one in ten (8%) of the organisations who complete cyber risk assessments do these monthly while two in five (40%) conduct them annually. The failure to regularly assess cyber risk leaves organisations vulnerable to attacks and increases the risk of breaches going undetected for prolonged periods.

A lack of human resource is contributing to businesses not measuring and testing their cyber defences regularly enough. Almost two thirds (62%) of respondents report that their cybersecurity team is understaffed. Of those organisations with unfilled roles in cybersecurity, 39% are looking to fill entry level positions that do not require experience, university degree, or credentials. Typically, 44% of organisations state that they require a university degree to fill entry level cybersecurity positions when they have them.

Chris Dimitriadis, Global Chief Strategy Officer at ISACA, said: “Our findings show that businesses are still struggling to find the right people with the right skills to manage cybersecurity. With cyberattacks on the rise, if we do not solve these challenges and address the gaps, businesses, ecosystems of supply chains and public sector bodies could be at threat from a lack of vital protection, detection, response and recovery. Businesses do not exist in isolation from their customers or the other organisations within their network, and a cyberattack on one part of the ecosystem can have consequences for everyone else. This is why holistic training is needed towards creating a safer world.”

There are some simple steps businesses can take to tackle the cyber skills gap and improve their cyber resilience. Of those who are already making headway, half (50%) of the organisations surveyed are upskilling non-security staff, 46% are increasing the use of contractors or external consultants, and a quarter (27%) are adopting reskilling programmes.

Cybersecurity professionals believe that hands-on experience in a cybersecurity role (97%), credentials held (88%), and completion of hands-on cybersecurity training courses (83%) are very or somewhat important when determining if a cybersecurity candidate is qualified.

Chris Cooper, member of ISACA’s Emerging Trends Working Group, said: “If businesses are to maintain their cyber resilience in an ever-evolving threat climate, we must encourage and nurture talent in the cybersecurity industry. Employers are looking for people who already have hands-on experience, but we will only enable people to build that experience by creating more entry-level roles and investing in the right training and development for everyone in the industry, from the ground up.”

Jon Brandt, ISACA Director, Professionals Practices and Innovation and Martin Van Horenbeeck, Senior Vice President and Chief Security Officer at Adobe will discuss these findings further in a webinar taking place on 3 October at 17:00 BST. To register, visit https://store.isaca.org/s/community-event?id=a334w000005hEsVAAU.

A complimentary copy of the State of Cybersecurity 2023 survey report can be accessed at www.isaca.org/state-of-cybersecurity-2023, along with related resources. Additional cybersecurity resources can be found at www.isaca.org/resources/cybersecurity.

Notes to Editors

All figures are based on fieldwork conducted by ISACA between May 13 and June 1 2023, amongst a total of 556 respondents in Europe.

ABOUT ISACA

ISACA® (www.isaca.org) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its 170,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. ISACA's member base in Europe exceeds 30,000, and the organization has further strengthened its presence in the region by establishing a regional office in Dublin, Ireland, in 2022. Through its foundation One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews