Nearly two-thirds of cybersecurity teams reportedly understaffed

ISACA research reveals that almost two-thirds (62 per cent) of businesses find that their cybersecurity teams are understaffed, as threats continue to increase

Over half (52 per cent) of cybersecurity teams are reportedly experiencing more attacks on their networks, compared to 12 months ago, causing strains on gap-filled resources.

Of those respondents with unfilled roles in cybersecurity, 39 per cent are looking to fill entry level positions that do not require experience, university degree, or credentials, while 44 per cent say they typically do require a degree to fill such positions.

Cybersecurity professionals believe hands-on experience in a cybersecurity role (97 per cent), credentials held (88 per cent), and completion of hands-on training courses (83 per cent) are very or somewhat important when determining candidate suitability for roles.

The UK’s strong cybersecurity sector is good news for jobsWith the UK leading cybersecurity in Europe, we explore how tech talent looking for jobs in the space can develop their career and skills.

Though threat increases are being widely recognised, less than one in ten (8 per cent) of organisations that complete cyber risk assessments do these monthly, while two in five (40 per cent) conduct them annually.

The failure to regularly assess cyber risks, and take measures where necessary, leaves firms vulnerable to attacks and increases the risk of breaches going undetected for prolonged periods.

“Our findings show that businesses are still struggling to find the right people with the right skills to manage cybersecurity,” said Chris Dimitriadis, global chief strategy officer at ISACA.

“With cyber attacks on the rise, if we do not solve these challenges and address the gaps, businesses, ecosystems of supply chains and public sector bodies could be at threat from a lack of vital protection, detection, response and recovery.

“Businesses do not exist in isolation from their customers or the other organisations within their network, and a cyber attack on one part of the ecosystem can have consequences for everyone else. This is why holistic training is needed towards creating a safer world.”

How businesses can vet their cybersecurity vendorsChoosing the right cybersecurity tools is crucial to business security — here’s how security teams can vet potential partner vendors in the space.

Recommended steps towards resilience

When it comes to tackling the cybersecurity skills gap and building towards complete business resilience, the following steps have been evidently taken by respondents:

  • upskilling staff outside the security team (50%);
  • increasing the use of contractors or external consultants (46%);
  • adopting reskilling programmes (27%).

Chris Cooper, member of ISACA’s Emerging Trends Working Group, commented: “If businesses are to maintain their cyber resilience in an ever-evolving threat climate, we must encourage and nurture talent in the cybersecurity industry.

“Employers are looking for people who already have hands-on experience, but we will only enable people to build that experience by creating more entry-level roles and investing in the right training and development for everyone in the industry, from the ground up.”

556 cyber professionals based across Europe were surveyed by global IT governance association ISACA, for its 2023 State of Cybersecurity report.


How purple teaming can strengthen business securityMartin Walsham discusses the benefits of implementing a purple team assessment process and provides a high-level structured approach to cybersecurity.

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.