The pandemic’s disruption has rippled across the globe, impacting workforces in nearly every sector. According to findings from the State of Cybersecurity 2021 Part 1 survey report from ISACA in partnership with HCL Technologies, though the cybersecurity industry has not been as negatively impacted by the pandemic as others, it continues to experience ongoing challenges in hiring and retention, with 49% of the respondents saying that they have unfilled positions in the stream.
At a time when the focus is on security and data protection in the backdrop of data breaches in the wake of the pandemic, 78% of the respondents felt that a prior hands-on experience in cybersecurity role is necessary to help organizations sail through their cybersecurity requirements. However, 53% of the respondents felt that less than half of their applicants are well qualified for the position for which they are applying.
Along the same lines, most organizations / respondents who took the survey in India said that a university degree is mandatory for entry-level cybersecurity positions.
Globally, though the survey noted the cybersecurity workforce was mainly spared the pandemic devastation experienced by other professions. It found that longstanding issues persist, including:
- 46% of respondents indicate that their cybersecurity teams are understaffed.
- 49% say they have unfilled cybersecurity positions.
- 53% say their cybersecurity applicants are not well qualified.
- Only 41% say HR regularly understands their cybersecurity hiring needs.
Impact of COVID-19 Pandemic on Security Spending
The pandemic has put the spotlight on organizations’ data protection and privacy. To this end, 42% of the respondents felt they were appropriately funded for security function while more than half the respondents said that spending on security technology initiatives has increased during the pandemic.
Staff Gaps and Attacks Linked
The global study by ISACA corroborates the on-ground reality in India. According to an estimate, the shortage of cybersecurity workforce in India is 9 percent higher than the global average. India needs about 1 million cybersecurity professionals, according to an estimate by the Data Security Council of India. The survey also indicated that 60% of organizations surveyed are fully staffed in-house to only “respond” to security threats and breaches, while nearly an equal number, 59%, are equipped to proactively “protect” cyberattacks.
Hiring and Skills Challenges Persist, Especially with Recent Graduates
Among a host of factors plaguing the industry, poor financial incentives stood out as the most visible reason that cybersecurity professionals are leaving their jobs, at 45%, followed by limited promotion and development opportunities at 44%. 49% of the respondents said they had unfilled positions in their organization, and 51% indicated that it takes anywhere between three to six months to fill an open position. At the same time, only 41% of the respondents felt that the HR department understands their organization’s cybersecurity hiring needs to properly pre-screen candidates. On skill gaps, 44% of the respondents said that security controls is the biggest skill gap they see in today’s cybersecurity professionals. Fortunately, more than half the respondents said they are training non-security staff who are interested in taking up security roles.
Organizations are addressing the problem through:
- Training non-security staff who are interested in moving to security roles (52%)
- Increasing use of reskilling programs (46%)
- Increasing use of performance-based training to attest to actual skill mastery (37%)
- Increasing usage of contract employees or outside consultants (35%)
- Increasing reliance on AI/automation (31%)
“The COVID-19 pandemic and the resultant remote working has further emphasized the need for a robust cybersecurity approach. Upskilling, reskilling professionals to be able to quickly understand and address threats of data breaches and privacy is the need of the hour,” said R.V. Raghu, Member of ISACA’s Emerging Trends Working Group and Director at Versatilist Consulting India Pvt Ltd.
“For training and development of professionals to address the skill gaps in cybersecurity, the government, academia and industry will have to collaborate with each other. It is not only important to better prepare fresh graduates, but also bring a wider pool from all streams and equip them with the skills needed to succeed in cybersecurity career,” he added.
Covering the Cybersecurity Skill Gap
ISACA also offers cybersecurity resources, training and credentials for cybersecurity professionals at different stages in their careers, including IT Certified Associate (ITCA), which allows those new to the profession to build their IT knowledge and skills, including in cybersecurity; Cybersecurity Practitioner Certification (CSX-P) the first and only comprehensive performance certification testing one’s ability to perform globally validated cybersecurity skills spanning five security functions – Identify, Protect, Detect, Respond, and Recover; and Certified Information Security Manager (CISM), which is designed for technical experts looking to advance into strategic management positions.
“At ISACA, we are not only committed to providing research and best practices that guide our global professional community, but also to taking action to help fill the skills gap,” said David Samuelson, ISACA CEO.
“This includes transforming our digital and learning tools to give individuals and companies training that is more relevant and customized than ever before and supporting the important work of the One In Tech foundation in advancing equity and inclusion in the tech workforce.”
