According to the recently released 2024 State of Cybersecurity survey report from ISACA, an international organization focused on building trust in technology, 66% of cybersecurity professionals believe their roles have become more stressful compared to five years ago. This annual survey, backed by Adobe, gathers perspectives from over 1,800 cybersecurity experts regarding workforce issues and the evolving threat landscape. The main factors contributing to this increased stress include:
- A more intricate threat landscape (81%)
- Financial constraints (45%)
- Challenges in recruiting and retaining talent (45%)
- Insufficiently trained staff (45%)
- Lack of emphasis on cybersecurity risk prioritization (34%)
Increasing Cybersecurity Threats
Reflecting these concerns, 38% of organizations indicate a rise in cybersecurity incidents, compared to 31% from the previous year. The most frequently reported types of attacks include social engineering (19%), malware (13%), unpatched systems (11%), and Denial of Service (11%).
In addition, almost half (47%) of respondents anticipate a cyberattack targeting their organization within the next year, yet only 40% feel confident in their team’s ability to identify and mitigate such threats.
Resource Limitations
Despite the growing complexity of the threat landscape, the survey reveals that cybersecurity budgets and staffing are not keeping up with the increasing demands. More than half (51%) of participants assert that their cybersecurity budgets are insufficient, rising from 47% in 2023, with just 37% expecting budget growth in the year ahead.
While 57% of organizations acknowledge their cybersecurity teams are understaffed, hiring trends have shown a slight downturn:
- 38% of organizations currently have no vacancies, an increase from 35% last year.
- 46% have openings for non-entry-level cybersecurity roles, down from 50% in the previous year.
- 18% are seeking to fill entry-level positions, compared to 21% last year.
Skills Gaps and Retention Challenges
Employers searching for qualified candidates place a strong emphasis on prior practical experience (73%) and relevant certifications (38%). Respondents identified significant skill shortages among cybersecurity professionals, particularly in soft skills (51%), including communication, critical thinking, and problem-solving, as well as cloud computing proficiency (42%).
Among the more than half of respondents (55%) who face difficulties retaining qualified cybersecurity talent, the main reasons for attrition include offers from other companies (50%, an eight-point decrease from 2023), inadequate compensation (50%), limited promotion and development prospects (46%), and high levels of occupational stress (46%).
About ISACA
For over five decades, ISACA has provided individuals and organizations with the essential knowledge, credentials, education, training, and community support needed for career development, organizational transformation, and fostering a more trusted and ethical digital landscape. ISACA draws on the expertise of more than 180,000 members working across various fields, including information security, governance, assurance, risk management, privacy, and quality. Operating in 188 countries with 225 chapters worldwide, ISACA also champions IT education and career pathways for underserved and underrepresented communities through the ISACA Foundation.
