40% Of Cybersecurity Teams Are Understaffed In India: ISACA Research
Soft skills, cloud computing and security controls are the biggest skills gaps in cybersecurity professionals.
Forty percent of Indian cybersecurity teams are understaffed, according to the State of Cybersecurity 2023 report by ISACA. The report showed that 54% of organisations have job openings for non-entry level roles, compared to 20% with job openings for entry-level positions.
The report also indicated that soft skills, cloud computing and security controls are emerging as the biggest skills gaps in today’s cybersecurity professionals globally and in India.
The survey explored the latest cybersecurity threat landscape, hiring challenges and opportunities, and budgets, with insights from 113 security leaders in India.
Staffing And Skills
According to the report, although improvements have been achieved in employee retention, it continues to be a challenging area. Of the survey respondents, 69% claimed they had problems retaining qualified cybersecurity professionals.
Globally, the retention problem persists, as benefits offered to cybersecurity professionals continue to decline due to economic uncertainty. According to respondents worldwide, university tuition reimbursement in 2023 dropped 5%, recruitment bonuses fell 2% and reimbursement of certification fees dropped 1%, compared to 2022.
As per respondents from India, the top five technical capabilities among cybersecurity professionals sought by employers include cloud computing (46%), penetration testing (42%), forensics (38%), identity and access management (38%) and data protection (38%).
When looking at soft skills, respondents in India sought critical thinking (59%), problem solving (51%), decision making (49%), communication (47%) and leadership qualities (33%) as the top five skills in cybersecurity professionals.
India-based respondents indicated cloud computing (50%), soft skills (43%), security controls (43%), network-related topics (41%) and pattern analysis (35%) to be the biggest skills gaps existing currently.
To mitigate these skills gaps, respondents said their top five approaches are training non-security staff who are interested in moving into security roles (55%), increasing use of reskilling programmes (46%), using performance-based training (33%), leveraging artificial intelligence/automation (32%) and increasing usage of contract employees or outside consultants (30%). To address non-technical skills gaps, organisations are leveraging online learning websites (62%), corporate training events (50%), mentoring (49%) and academic tuition reimbursement (21%).
“The soft skills gaps we see among cybersecurity professionals are part of a concerning systemic issue that our industry needs to take seriously,” said Jon Brandt, ISACA director, professional practices and innovation.
Cybersecurity Threats
With regard to the cybersecurity threat landscape, nearly 55% of Indian respondents indicated that their organisation is experiencing more cyberattacks compared to a year ago. Yet, 63% said they are very or completely confident in their cybersecurity team’s ability to detect and respond to cyber threats.
Globally, the top three attack concerns were the same as last year: enterprise reputation (79%), data breach concerns (69%) and supply chain disruptions (55%). Respondents worldwide indicated that social engineering (15%) remained the primary type of cyberattack they experienced, an increase of 2%. This was followed by advanced persistent threats (11%), ransomware (10%), security misconfiguration (10%), unpatched system (10%), denial of service (9%) and sensitive data exposure (9%).
Future Outlook
Of the India-based respondents, 92% admitted that demand for technical cybersecurity individual contributors will rise the next year, and 67% expect the demand for cybersecurity managers to increase too. Sixty-five percent believed that cybersecurity budgets will increase to some extent in 2024.
“Enterprises should take proactive steps to leverage available human resources to upskill and reskill staff, so that combined with investments in technologies, an effective cybersecurity posture can be established and sustained,” said RV Raghu, ISACA ambassador in India and past ISACA board director.
