The Great Resignation wave has a devastating impact on organizations across the globe. While many industries with requirements of less-skilled employees were effectively able to cope with it, industries such as cybersecurity continue to face the challenge of filling their requirements. In fact, as per a report from ISACA, “State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyber Operations,” found organizations are finding it challenging to hire and retain qualified cybersecurity professionals while simultaneously coping with the skill gaps. For this report, ISACA surveyed over 2,000 security professionals across the globe.
Filling the roles of cybersecurity professionals continues to be a major obstacle, as 63% of the respondents revealed that they unfilled cybersecurity positions, up from eight percentage points from 2021. Additionally, 62% of their cybersecurity teams are massively understaffed.
As per the report, 20% of the respondents say it takes over six months to find qualified cybersecurity candidates for open positions. Factors that hiring managers keep in mind before deciding to move ahead with a candidate are whether the individual carries a prior hands-on cybersecurity experience (73%), credentials (36%) as well as hands-on training (25%).
The respondents in the report revealed that they seek a range of skills in candidates, noting the top skills gaps they find in today’s cybersecurity professionals are soft skills (54%), cloud computing (52%), and security controls (34%).
Among top skills, cybersecurity professionals agreed that communication (57%), critical thinking (56%), and problem-solving (49%) are critical.
Before advancing with their efforts to recruit cybersecurity professionals, cybersecurity leaders should also make themselves aware of the reasons why cybersecurity professionals are leaving. As per ISACA’s survey, most cybersecurity professionals consider going to their jobs due to being hired by another organization (59%) and getting financial assistance in terms of salary or bonus (48%). Moreover, cybersecurity professionals leave their jobs due to not having opportunities in the firm to financially grow (47%), high-stress levels (45%) as well as not receiving the support they need from upper management (34%)
Addressing these skills gaps requires cybersecurity professionals to cross-train their employees (up to two percentage points from 2021) as well as increase usage of contractors and consultants (up to five percentage points from 2021), as stated by survey respondents. Moreover, organizations should become flexible to candidates that may not have traditional degrees to provide support, training, and flexible schedules that attract and retain qualified candidates.
As per Nick Lowe, VP EMEA at Tufin, “The ISACA’s State of cybersecurity 2022 report released yesterday (March 23) revealed that the cybersecurity skills shortage is worsening: 63% of businesses have unfilled cybersecurity positions – an increase of 8% from 2021.” He added, “The skills shortage and the increasing complexity of corporate networks represent a watershed movement for the security industry – security teams must find ways to manage policies across distributed networks that save time and resources.”
“The report surveyed more than 2,000 cyber security professionals globally, and 62% of the companies surveyed reported understaffed cyber security teams, with one in five companies taking six months to find qualified candidates to fill open positions. To mitigate against this widespread shortage, businesses must lean heavily on automation – which frees up valuable time and resources, enabling businesses to get back on top of their security operations. Without automation, businesses are effectively ”flying blind” – as well as acting as a buffer against the current skills shortage, automation is the safety net businesses need to gain visibility – ensuring security policies are optimized and compliant,” concluded Nick Lowe.