STOCK TITAN

New Research from TechTarget’s Enterprise Strategy Group and the Information Systems Security Association Reveals Continuous Struggles within Cybersecurity Professional Workforce

Rhea-AI Impact
(Neutral)
Rhea-AI Sentiment
(Neutral)
Tags
Rhea-AI Summary
The cybersecurity skills crisis continues to impact organizations, with 71% reporting its effects. Two-thirds of cybersecurity professionals find their job more difficult in the past two years. The global cybersecurity skills shortage remains unabated, with 95% stating no improvement and 54% saying it has worsened. Respondents highlight application security, cloud security, and security analysis as areas with the most acute shortage. Organizations can mitigate the skills shortage by increasing compensation, providing non-monetary incentives, educating HR professionals, and investing in cybersecurity training. CISOs need strong leadership and communication skills to be successful. Improving cybersecurity programs requires increased training, enhancing the cybersecurity culture, hiring more staff, increasing the budget, and improving security hygiene. Cybersecurity should be recognized as a business enabler rather than a cost center. The eBook offers insights for business and IT leaders as well as cybersecurity professionals.
Positive
  • 71% of organizations impacted by the cybersecurity skills shortage
  • 66% of cybersecurity professionals find their job more difficult in the past 2 years
  • 95% state no improvement in the cybersecurity skills shortage
  • 54% say the skills shortage has worsened
  • Application security, cloud security, and security analysis face acute shortage
  • Mitigation strategies include increasing compensation and providing non-monetary incentives
  • CISOs need strong leadership and communication skills
  • Improving cybersecurity programs requires training, culture enhancement, hiring, budget increase, and security hygiene improvement
  • Cybersecurity should be recognized as a business enabler
Negative
  • None.

The sixth version of the landmark global study shows escalating career complexities and job discontent faced by cybersecurity professionals while the ongoing global skills shortage impacts 71% of organizations

NEWTON, Mass. & VIENNA, Va.--(BUSINESS WIRE)-- Enterprise Strategy Group, a division of TechTarget and Information Systems Security Association announced the publication of its research study titled, “The Life and Times of Cybersecurity Professionals.” The sixth edition of this project (published as an eBook this year) sought to assess the career progression of cybersecurity professionals, determine whether cybersecurity professionals are satisfied with their jobs and careers, measure the impact of the global cybersecurity skills shortage and uncover organizations’ response to it, and monitor the status and performance of cybersecurity leadership. The report reveals that the cybersecurity skills crisis continues in a multi-year freefall that has impacted 71% of organizations and left two-thirds of cybersecurity professionals stating that the job itself has become more difficult over the past two years—while 60% of organizations continue to deflect responsibility.

The report findings include:

  • A career in cybersecurity is becoming more difficult in an increasingly challenging environment. Nearly two-thirds (66%) of respondents believe that working as a cybersecurity professional has become more difficult over the past 2 years, with close to a third (27%) stating that it is much more difficult. Internal issues like workload complexity, staffing shortages, and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult. Most (81%) respondents cite the increase in cybersecurity complexity and workload as the reason their careers are more difficult now. Over half (59%) point to the increase in cyberattacks due to an expanding attack surface and 46% state that their cybersecurity team is understaffed. Almost half (43%) agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Nearly one-in-ten (8%) of cybersecurity professionals have experienced one or several disruptive security events at their organization that have made their work more difficult.
  • Most cybersecurity professionals aren’t very satisfied with their career choices. Cybersecurity professionals face daily job stress like an overwhelming workload, working with disinterested business managers, falling behind business initiatives, and keeping up with the security needs of new IT projects. Little wonder then why less than half of security pros are very satisfied with their current jobs, and 50% of security pros claim it is very likely, likely, or somewhat likely they leave their current job this year.
  • The global cybersecurity skills shortage continues unabated. Most organizations (71%) report that they’ve been impacted by the cybersecurity skills shortage—a dramatic increase from 57% in the last study, leading to an increased workload for the cybersecurity team (61%), unfilled open job requisitions (49%), and high burnout among staff (43%), according to respondents. Further, nearly all (95%) respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has only gotten worse. When asked to identify areas where the security skills shortage is most acute, respondents pointed to application security, cloud security, and security analysis and investigations. A majority of respondents (60%) believe that their organization could be doing more to mitigate the cyber skills shortage, with over one-third (36%) stating that they could be doing much more. Respondents say that their organizations could be taking steps like increasing security professional compensation, providing advanced non-monetary incentives, educating HR professionals and recruiters, and increasing their commitment to cybersecurity training as ways to better address the ongoing skills shortage.
  • CISOs must lead the charge. When asked to identify the qualities that make CISOs successful, nearly three-quarters (71%) pointed toward leadership or communications skills. CISO effectiveness varies – 31% of respondents claim their CISO is very effective, 40% believe their CISO is effective, and 26% say their CISO is somewhat effective.

Survey respondents were also asked how their organizations could improve their overall cybersecurity programs. The top responses included increasing cybersecurity training for IT and security professionals, striving to improve the organization’s cybersecurity culture, hiring more staff, increasing the cybersecurity budget, and improving basic security hygiene and posture management.

“For a majority of organizations, cybersecurity continues to be treated as a cost center or compliance mandate versus a business enabler or growth driver,” said Candy Alexander, Board President, ISSA International. “Cybersecurity professionals are charged with protecting the organization while being overworked, overstressed, and understaffed. There was a point in time where organizations could get away with doing ‘good enough security,’ but those days are gone. Relentless, AI-fueled cyberattacks and expanding attack surfaces are a sampling of new problems that are going to overwhelm and overrun underinvested cybersecurity programs. Executive management needs to recognize that their business goals are only possible if cybersecurity successfully enables their business to operate in today’s threat environment day after day.”

“Cybersecurity professional jobs grow more challenging, nuanced, and specialized annually,” stated Jon Oltsik, Distinguished Analyst and Fellow, Enterprise Strategy Group. “My hope is that this eBook not only exposes these issues but also provides business leaders with some creative ways to address them. Trends like digital transformation and cloud computing combined with a progressively dangerous threat landscape are adding to the scale and complexity associated with strong cybersecurity. Understanding, supporting, and enabling our security professionals must be recognized as a foundational requirement in an increasingly digital world.”

The Life and Times of Cybersecurity Professionals (Volume 6) is available for free download on the Enterprise Strategy Group website and The Information Systems Security Association website. Enterprise Strategy Group and The Information Systems Security Association believe the data presented in the eBook can help business and IT leaders with personnel management and cybersecurity defenses. The eBook should also help cybersecurity professionals with career management.

About The Information Systems Security Association

The Information Systems Security Association (ISSA)™ is the community of choice for international cyber security professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries – from communications, education, healthcare, manufacturing, financial and consulting to IT – as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Follow us on Twitter at @ISSAINTL.

Click on the link to learn more about ISSA.

About TechTarget’s Enterprise Strategy Group

TechTarget’s Enterprise Strategy Group is an integrated technology analysis, research, and strategy firm providing market intelligence, actionable insight, and go-to-market content services to the global technology community. It is increasingly recognized as one of the world’s leading analyst firms in helping technology vendors make strategic decisions across their go-to-market programs through factual, peer-based research. TechTarget, Inc. (Nasdaq: TTGT) is the global leader in purchase intent-driven marketing and sales services focused on delivering business impact for enterprise technology companies.

Click on the link to learn more about Enterprise Strategy Group.

Kesselring Communications

Leslie Kesselring

leslie@kesscomm.com

(503) 358-1012

Source: The Information Systems Security Association

TechTarget, Inc.

NASDAQ:TTGT

TTGT Rankings

TTGT Latest News

TTGT Stock Data

821.70M
29.24M
11.06%
94.32%
3.01%
Internet Content & Information
Telegraph & Other Message Communications
Link
United States of America
NEWTON