ISACA’s State of Cybersecurity 2019 Survey: Retaining Qualified Cybersecurity Professionals Increasingly Challenging for Organizations
Nearly 70 percent believe their cybersecurity teams are understaffed
Organizations are struggling to keep their cybersecurity workforce staffed as competitors increasingly pick off employees who are enticed by higher pay and bonuses, according to ISACA’s new cybersecurity workforce research.
The short supply of qualified cybersecurity professionals has led to unfilled positions and a widening work skills gap. A whopping 69 percent of respondents say their cybersecurity teams are understaffed.
Part 1 of ISACA’s State of Cybersecurity 2019 report analyzes the trends of cybersecurity hiring, retention, gender diversity and budget implications. “Current Trends in Workforce Development” was released today at the RSA Conference in San Francisco. The research found:
- Cybersecurity professionals are still in short supply and hard to find, particularly for roles that require technical proficiency.
- Retaining cybersecurity professionals is exceptionally difficult, even when enticements such as training and certification are provided.
- Gender diversity programs are declining and perceived as less effective than in the past.
- Cybersecurity budget increases are expected to slow slightly.
“We’re in a highly fluid environment where organizations are increasingly challenged by competitive forces,” said Rob Clyde, CISM, board chair of ISACA. “Creative and competitive retention efforts are more important than ever in the current environment, and organizations should make it a priority to identify ways to boost their cybersecurity teams.”
ISACA will be offering perspective on this in its panel on building and keeping cybersecurity teams with non-traditional staff at the RSA Conference on 6 March.
While 57 percent of respondents say their organizations offer increased training as incentives to keep people within an organization, an overwhelming 82 percent indicate that most individuals leave their companies for another because of financial and career incentives such as higher salaries, bonuses and promotions.
However, Frank Downs, director of cybersecurity practices at ISACA, points out that such incentives are not necessarily what cybersecurity professionals need to advance in their careers. Business acumen is key.
“The most prized hire within a cybersecurity organization is a skilled professional, who not only understands the business operation and how cybersecurity fits into the greater needs of the organization, but also knows how to communicate well,” said Downs.
In the survey, 58 percent of respondents note that their organizations have unfilled cybersecurity positions. The results also show that there is a 6 percentage-point increase, year over year, of organizations languishing at least six months before they are able to fill open cybersecurity positions—increasing from 26 percent in 2017 to 32 percent in 2018.
Gender Diversity Programs in Decline
Only 45 percent of the survey’s female respondents believe that both men and women have equal opportunity for career advancement. This represents a downward trend from 51 percent the previous year. The survey also finds that less than half of cybersecurity organizations have a gender diversity program, and the perception of their effectiveness, when compared to previous years, is declining.
“Attempts to diversify the workforce and create gender inclusion are either not happening enough or are failing to meet employee expectations,” said Clyde. “Respondents do not believe their organizations prioritize increasing the number of women in cybersecurity roles or advancing them within the organization.”
Cybersecurity Budget Increases Are Expected to Slow
Most respondents still expect an increase in cybersecurity budget, but not as much as in the previous year; 55 percent report they expect an increase in cybersecurity budgets, a decrease of nine points from last year’s 64 percent. When asked about funding, 60 percent of respondents indicate that they consider their cybersecurity budget to be underfunded, with nearly 20 percent believing that their budgets are significantly underfunded.
State of Cybersecurity 2019 is a free download at https://cybersecurity.isaca.org/state-of-cybersecurity. The report is the latest research from ISACA’s Cybersecurity Nexus, which offers credentials, training, guidance and research for security professionals.
About the State of Cybersecurity Study
More than 1,500 cybersecurity professionals who hold ISACA’s Certified Information Security Manager (CISM) and/or CSX Cybersecurity Practitioner (CSXP) designations and positions in information in security participated in the online survey. The findings will be issued in two white papers in 2019. To see the first white paper, visit https://cybersecurity.isaca.org/state-of-cybersecurity.
Now in its 50th anniversary year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 460,000 engaged professionals—including its 140,000 members—in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.