The changing threat environment continues to be a concern for many frontline professionals. However, recent research from ISACA indicates that this landscape hasn’t seen much transformation in past years.

The study highlighted that among the cybersecurity professionals who noticed variations in cyberattacks compared to the previous year, 52% witnessed an increase in such incidents.

Shortage of Cybersecurity Skills Puts Enterprises at Risk

Despite recognizing the escalating threats, only a meager 8% of organizations engaging in cyber risk evaluations perform these checks monthly. Conversely, a significant 40% conduct these only once a year. This infrequent assessment of cyber risks places enterprises in a precarious position, heightening the possibility of undetected breaches for extended intervals.

The unavailability of sufficient human resources impedes companies from frequently gauging and testing their cyber safeguards. A significant 62% of survey participants mentioned their cybersecurity teams were lacking adequate staff. From these organizations with vacancies in cybersecurity, 39% are inclined to appoint individuals for beginner roles without necessitating prior experience, academic qualifications, or certifications.

Historically, 44% of organizations expressed that they mandate an academic degree to occupy beginner cybersecurity roles when available.

ISACA’s Global Chief Strategy Officer, Chris Dimitriadis, commented that organizations continually grapple to secure individuals with the requisite cybersecurity expertise. With the surge in cyber incidents, unless these dilemmas and voids are addressed, various sectors—including business domains and supply chain ecosystems—might be left exposed due to insufficient security measures. Dimitriadis also emphasized the interconnected nature of businesses and highlighted the importance of comprehensive training for a more secure global environment.

Strengthening Cyber Resilience through Talent and Training

Organizations can implement straightforward strategies to bridge the cybersecurity skills gap and fortify their cyber defenses. Among proactive entities, 50% are enhancing the skills of their non-security personnel, 46% are amplifying their collaboration with external experts or consultants, and 27% are introducing reskilling initiatives.

Cybersecurity experts opine that practical experience in a cybersecurity capacity (97%), relevant certifications (88%), and successful completion of hands-on cybersecurity training modules (83%) rank high in gauging the aptness of a cybersecurity aspirant.

Chris Cooper, an associate of ISACA’s Emerging Trends Working Group, expressed the essentiality of fostering talent within the cybersecurity domain to sustain organizational resilience against dynamic threats. Cooper stressed the significance of creating more beginner roles and committing to comprehensive training and nurturing for all, starting from the foundational level.