New cybersecurity data hones in on where cybersecurity pros come up short, with soft skills, cloud computing, and security controls emerging as the biggest skills gaps in today’s cybersecurity professionals globally and in India, according to ISACA’s annual research report, State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations.
Forty percent of Indian respondents say their cybersecurity teams are understaffed, according to the ninth annual survey—which explores the latest cybersecurity threat landscape, hiring challenges and opportunities, and budgets, with insights from 113 security leaders in India. The report, sponsored by Adobe, also shows that 54 percent of respondents indicated that they have job openings for non-entry level roles, compared to 20 percent with job openings for entry-level positions.
Staffing and Skills
The research indicates some strides have been made in addressing employee retention, but it continues to be a challenge. Sixty-nine percent of survey respondents in India say they have difficulty retaining qualified cybersecurity professionals.
Globally, continuing to reduce retention woes may be difficult given that benefits offered to cybersecurity pros have been declining—potentially driven by economic uncertainty. According to respondents worldwide, university tuition reimbursement dropped five percentage points to 28 percent, recruitment bonuses fell two percentage points, and reimbursement of certification fees dropped by a percentage point, compared to 2022.
When hiring, India-based respondents say they are looking for the following top five technical skills in cybersecurity pros:
- Cloud Computing: 46%
- Penetration Testing: 42%
- Forensics: 38%
- Identity and access management: 38%
- Data protection: 38%
Respondents in India examined where cybersecurity professionals are lacking—cloud computing (50 percent), soft skills (43 percent), security controls (43 percent), network related topics (41 percent), and pattern analysis (35 percent) as being the biggest skills gaps they see today.
“The soft skills gaps we see among cybersecurity professionals are part of a concerning systemic issue that our industry needs to take seriously,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “While there is no simple solution, addressing these needs with a collaborative approach that goes beyond traditional academia to involve hands-on training, mentorship, and other learning pathways can make an impact not only on individual skillsets and enterprise security outcomes, but also on the integrity of the profession as a whole.”
When looking at the cybersecurity threat landscape, nearly 55 percent of Indian respondents indicate that their organization is experiencing more cyberattacks compared to a year ago. Despite the difficult threat landscape, 63 percent are very or completely confident in their cybersecurity team’s ability to detect and respond to cyber threats.
- Advanced persistent threats (11 percent)
- Ransomware (10 percent)
- Security misconfiguration (10 percent)
- Unpatched system (10 percent)
- Denial of service (9 percent)
- Sensitive data exposure (9 percent)
“The evolving threat landscape and the continuing cybersecurity skill shortage are a potent combination requiring a concerted approach to address these issues. Enterprises should take proactive steps to leverage available human resources to upskill and reskill staff so that combined with investments in technologies, an effective cybersecurity posture can be established and sustained,” said RV Raghu, ISACA Ambassador in India and past ISACA board director.