Cybersecurity teams continue to struggle with hiring and retention, and very little improvement has been achieved in these areas since last year, according to ISACA.
Understaffed and lacking diversity
ISACA’s 2020 State of Cybersecurity survey report, unveiled at RSA Conference 2020, finds that enterprises are short-staffed, have difficulty identifying enough qualified talent and don’t believe their HR teams adequately understand their hiring needs.
Additionally, while slight progress is reported in increasing the number of women in cybersecurity roles and in establishing diversity programs, most cybersecurity teams still indicate they have significantly more men than women, and most report that progress is minimal.
“Cybersecurity jobs are in huge demand but, as many organizations are all too aware, it continues to be a real struggle to find the right candidates with the right skills and experience to meet the demands of these roles,” says retired Brigadier General Greg Touhill, ISACA board director, and President of the AppGate Federal Group.
“Better understanding these skills gaps and issues with hiring and retention can help the industry more effectively drive innovative strategies and tactics to address and overcome them.”
Cybersecurity hiring and retention problems: Key findings
- 62% say their organization’s cybersecurity team is understaffed; 57% say they currently have unfilled cybersecurity positions on their team.
- 72% of cybersecurity professionals believe their HR departments do not regularly understand their needs.
- 58% of respondents anticipate an increase in cybersecurity budgets, an increase of three percentage points from last year, but less than the 64 % reported two years ago, signaling that spending may be leveling out.
Finding cybersecurity staff with the right skillsets continues to be difficult. Only 27% say that recent graduates in cybersecurity are well-prepared. They also noted the top five skills gaps as being soft skills (32%), IT knowledge and skills gaps (30%), insufficient business insight (16%), cybersecurity technical experience (13%) and insufficient hands-on training (10%).
Once teams achieve the difficult task of finding the right professionals, they then struggle to retain them, with 66% saying it’s difficult to retain cybersecurity talent. They cite the main reasons for staff leaving as recruitment by other companies (59%), limited promotion and development opportunities (50%), poor financial incentives (50%), high work stress levels (40%, a 10-percentage point increase from the year prior) and a lack of management support (39%).
Organizations have been making slight progress in putting diversity programs in place, with 49% of respondents indicating that they have these programs—an increase of five percentage points from last year. Sixty-four percent indicate some progress toward increasing the number of women in cybersecurity roles, though only 13% say that progress is significant.
“Diversity in this field is crucial—not only in order to bring in qualified, skilled talent, but also to ensure that different viewpoints are reflected in cybersecurity teams,” says Brennan P. Baybeck, ISACA board chair; vice president and CISO, customer services, Oracle.
“Even with slight advances being made, it is clear that more significant progress is needed to increase diversity in cybersecurity, including representation of women in these roles.”