A further 19 per cent reported having unfilled entry-level positions.
The findings were revealed in a study of nearly 2,000 ISACA members, observing the state of the cyber staffing industry and pressures that teams are facing.
When hiring new cyber staff, 52 per cent said that soft skills such as communication are the most lacking among candidates, becoming an increasing concern when managing crisis situations and managing staff cyber training.
David Manfield, Associate Director for Cyber Security for Investigo, commented: “Businesses are feeling the squeeze when it comes to recruiting cyber staff, reflecting talent pipeline struggles caused by tightening budgets over the past year. Boardrooms know the problem, with 30 per cent saying that recruiting cyber staff is their main hiring concern, but the increase in the volume and complexity of cyber threats has exacerbated the issue.”
“While businesses should aim to have cyber experts in place at all times, there are cost-effective options to bolster cyber defences. Recruiting interim cyber staff, for example, to evaluate and set organisation-wide cyber policies, especially during peak threat periods throughout the year, offers a more budget-friendly way to remain resilient against cyber-attacks while looking to hire permanent staff.”
It was also discovered that 68 per cent of cybersecurity professionals have reported increased stress now than compared to five years ago, and nearly half (45 per cent) of cybersecurity workers have considered quitting due to work-related stress.
52 per cent of cyber professionals are struggling to cope with budget pressures, with 61 per cent also reporting understaffed teams, with the cyber industry feeling the strain of economic turbulence and a rising global threat landscape.
The Cybersecurity workforce crisis is leaving businesses vulnerable and cybersecurity professionals overworked, with ISACA’s research also revealing that underfunding and staff shortages are exacerbating mental health challenges, especially stress and burnout.
Andy Ward, SVP International for Absolute Security, commented: “The tide of cyber threats is showing no signs of slowing down, so it’s vital that the UK continues to invest in its cyber resilience across technology, people and protocols, even during a challenging job market and economy. Cyber-attacks are a case of when, not if, so failing to bolster cyber resilience will prove even more costly without the right response and recovery systems in place. In fact, our research shows the threat of attacks on underfunded teams is adding to the pressure, with 62 per cent worried they could lose their job if their organisation was hit by a major successful attack.”
“To ease the burden, security teams need greater visibility over their endpoints, especially in work-from-anywhere environments. This facilitates continuous monitoring of devices and applications to detect and flag suspicious activity, providing centralised teams with the ability to freeze or shut off potentially compromised devices to prevent threat actors from moving laterally across a network. This enables CISOs and their teams to manage larger threat surfaces while maintaining uptime for healthy devices.”