Cybersecurity teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health
Despite a growing array of cybersecurity threats, teams are still not being given the support they need
More than half of European cybersecurity professionals say their team is understaffed and struggling to manage growing workloads.
Research from ISACA found 61% of security teams are dealing with staff shortages, while around half (52%) of cyber professionals believe their budgets are lower than required.
Notably, the study found that many respondents have experienced acute challenges in recruiting for open positions over the last year.
Nearly one-in-five respondents said their organization has unfilled and open entry-level positions available, while around half (48%) have unfilled positions which require experience, such as a university degree or other industry accredited qualifications.
The statistics from ISACA come amid a period of heightened cybersecurity threats for businesses globally, which the organization said is being exacerbated by a lack of relevant skills.
Nearly half (41%) of respondents said they are experiencing more cyber attacks compared to the same period last year while 29% think they are experiencing the same volume of attacks.
Security professionals don’t see an end to this onslaught any time soon, either.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Over half (58%) said they anticipate their organization will experience a cyber attack in the next year. This marks an increase compared to ISACA research from the year prior, underlining the need for greater investment and funding to drive recruitment.
“In an increasingly complex threat landscape, it is vital that, as an industry, we overcome these hurdles of underfunding and under-staffed teams,” said Chris Dimitriadis, chief global strategy officer at ISACA.
“Without strong, skilled teams, the security resilience of whole ecosystems is at risk – leaving critical infrastructure vulnerable.”
ISACA’s research on the cybersecurity workforce aligns closely with similar research from ISC2, which also warned of a growing shortage of staff this year.
The 2024 Cybersecurity Workforce Study found growth in the cyber workforce slowed significantly over the last year and was having a detrimental effect on staffing levels.
Notably, respondents told ISC2 that a “lack of budget” was the primary reason behind staff shortages, with 37% of respondents reporting they had their budgets cut in the last year.
This, the study noted, marked the first time this issue was highlighted by industry stakeholders.
Cybersecurity staff are still stressed out
Staffing levels in the cybersecurity space are having a marked negative impact on mental health and wellbeing, ISACA’s research found.
More than two-thirds (68%) feel their role is more stressful now compared to five years ago, with 79% attributing this to the increasingly perilous threat landscape they face on a daily basis.
Mental health in the cybersecurity industry has been a long-running talking point, with industry stakeholders warning of a growing state of discontent among workers.
Research from Gartner last year found nearly half of CISOs and senior cyber professionals could leave their roles in the next five years due to work-related stress.
The 2022 Voice of SecOps report also found 91% of staff feel stressed in their role, further underlining the long-running issue at play in the sector. These stressful work environments, the study found, have prompted nearly half (45%) of staff to consider quitting.
A key factor in this trend is the ‘always on’ culture that permeates the cybersecurity industry, with staff forced to work long, strenuous hours due to the critical nature of their role.
Diverse workforces deliver benefits
To combat understaffing, ISACA’s research specifically highlighted the benefits of cultivating a workforce with a diverse range of skills and backgrounds.
More than half (52%) of respondents said soft skills are the area found most lacking among today’s cybersecurity professionals. Of the soft skills in question, 54% revealed communication skills are the most important, followed by problem-solving and critical thinking.
Dimitriadis said organizations contending with staff shortages should widen their nets to attract a broader pool of talent.
“The cybersecurity industry will massively benefit from a diverse range of people – each with different skills, experiences, and perspectives,” he said.
“This is the key to plugging the skills gap. Once talent enters the industry, businesses can then train and upskill new entrants on the job with cyber certifications and qualifications.”
More from ITPro
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.