Cybersecurity professionals are experiencing increasingly high levels of stress, mainly due to a constantly escalating threat landscape, according to a new ISACA research.
Increase in stress and its causes
ISACA’s annual report “State of Cybersecurity 2024,” supported by Adobe, indicates that 66% of cybersecurity professionals consider their role to be more stressful now than it was five years ago. The survey, which involved more than 1,800 cybersecurity experts, identifies the main reasons for this increase in stress:
- An increasingly complex threat landscape (81%)
- Low budgets (45%)
- Growing difficulties in hiring and retaining staff (45%)
- Under-skilled staff (45%)
- Lack of prioritization of cybersecurity risks (34%)
Increase in cyber attacks
The study also reveals a worrying increase in cyber attacks. 38% of organizations are experiencing a rise in cyber attacks, compared to 31% from the previous year. The most common types of attacks are:
- Social engineering (19%)
- Malware (13%)
- Denial of service in unpatched systems (11%)
Nearly half of respondents (47%) expect their organization to suffer a cyber attack in the next year, and only 40% have a high level of confidence in their team’s ability to detect and respond to cyber threats.
Insufficient budgets and staff
Despite the growing challenge posed by the threat landscape, cybersecurity budgets and staff are not keeping pace. More than half of respondents (51%) state that cybersecurity budgets are underfunded, and only 37% expect them to increase in the next year.
Challenges in hiring and retaining talent
Organizations seeking qualified candidates for cybersecurity positions particularly value previous practical experience (73%) and credentials (38%). Survey respondents mention that the main skills gaps they observe in cybersecurity professionals are soft skills (51%)—especially communication, critical thinking, and problem solving—and cloud computing (42%).
Talent retention is also a weakness for many organizations. Over half of respondents (55%) reported difficulties in retaining qualified cybersecurity candidates, citing the following main reasons:
- Recruitment by other companies (50%)
- Inadequate financial incentives (50%)
- Limited promotion and development opportunities (46%)
- High levels of work stress (46%)
Pablo Ballarin Usieto, member of ISACA’s Emerging Trends Task Group, concludes: “Organizations should advocate for greater investment in cybersecurity, even amidst financial uncertainty, to protect themselves against growing cyber threats. At the same time, the industry needs to attract and retain young talent to prepare for the impending wave of retirements of experienced professionals. Finally, companies should actively engage in the development of AI, harnessing its capabilities to strengthen their defenses in a context of geopolitical tension and economic volatility.”
source: ISACA