Soft skills continue to challenge the cybersecurity sector

New cybersecurity findings pinpoint areas where cybersecurity experts are lacking, with interpersonal skills, cloud computing, and security measures standing out as the most prominent skill deficiencies in cybersecurity specialists, according to a new ISACA report.

59% of cybersecurity leaders say their teams are understaffed. 50% of respondents indicated job openings for nonentry-level roles, compared to 21% with job openings for entry-level positions.

Cybersecurity talent retention struggles persist

Strides have been made in addressing employee retention, but it continues to be challenging. 56% of cybersecurity leaders say they have difficulty retaining qualified cybersecurity professionals, though this number is down four points from last year.

However, continuing to reduce retention woes may be difficult, given that benefits offered to cybersecurity pros have been declining—potentially driven by economic uncertainty. University tuition reimbursement dropped five percentage points to 28%, recruitment bonuses fell two percentage points, and reimbursement of certification fees dropped by a percentage point compared to 2022.

What cybersecurity skills are companies looking for?

When hiring, respondents say they are looking for the following top five technical skills in cybersecurity pros:

1. Identity and access management (49%)
2. Cloud computing (48%)
3. Data protection (44%)
4. Incident response (44%)
5. DevSecOps (36%)

When looking at soft skills, communication (58%), critical thinking (54%), problem-solving (49%), teamwork (45%), and attention to detail (36%) come in as the top five skills employers are seeking in cybersecurity job candidates.

The skills of empathy (13%) and honesty (17%) came in lower in importance—a noteworthy finding given that 62% of respondents believe organizations underreport cybercrime.

Respondents examined where cybersecurity professionals are lacking—citing soft skills (55%), cloud computing (47%), security controls (35%), coding skills (30%) and software development-related topics (30%) as being the biggest skills gaps they see today.

How to address these skills gaps

To mitigate these technical skills gaps, respondents indicate their top three approaches are training nonsecurity staff who are interested in moving into security roles (45%), increasing usage of contract employees or outside consultants (38%), and increasing use of reskilling programs (21%).

When addressing nontechnical skills gaps, organizations are leveraging online learning websites (53%), mentoring (46%), corporate training events (42%) and academic tuition reimbursement (20%), though the use of tuition reimbursement has fallen by four percentage points.

“The soft skills gaps we see among cybersecurity professionals are part of a concerning systemic issue that our industry needs to take seriously,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “While there is no simple solution, addressing these needs with a collaborative approach that goes beyond traditional academia to involve hands-on training, mentorship, and other learning pathways can make an impact not only on individual skillsets and enterprise security outcomes, but also on the integrity of the profession as a whole.”

Future

78% of survey respondents say demand for technical cybersecurity individual contributors will increase in the next year, and 48% expect an increased demand for cybersecurity managers. 51% believe that cybersecurity budgets will at least slightly increase as well next year.

“The cybersecurity workforce specifically faces a significant talent gap. Adobe believes that great talent can come from anywhere – and sustained investment both by our industry and governments worldwide will be critical to developing a diverse pipeline of talent to help us all address this growing gap,” says Maarten Van Horenbeeck, Senior Vice President and Chief Security Officer at Adobe. “This is especially critical when it comes to being able to respond to the evolving complexity and ingenuity in the cybersecurity threat landscape, accelerated by AI technologies.”