Cybersecurity professionals increasingly are feeling stress, primarily in response to an escalating threat landscape, new ISACA research shows.
Sixty-six percent of cybersecurity professionals say their role is more stressful now than five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA. The annual research, fielded with support from Adobe—which surveyed more than 1,800 cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape—cite the top reasons for this increased stress as:
- an increasingly complex threat landscape (81 percent)
- low budget (45 percent)
- worsening hiring/retention challenges (45 percent)
- insufficiently trained staff (45 percent)
- lack of prioritization of cybersecurity risks (34 percent).
The survey shows that 38 percent of organizations are experiencing increased cybersecurity attacks, compared to 31 percent a year ago. These top attack types include: 1) social engineering (19 percent), 2) malware (13 percent), and 3) unpatched system Denial of Service (11 percent).
Nearly half (47 percent) expect a cyberattack on their organization in the next year, and only 40 percent have a high degree of confidence in their team’s ability to detect and respond to cyber threats.
“Social engineering attacks, such as phishing, are a growing concern for organizations as human error remains a major factor in data breaches," said Mike Mellor, VP of Cyber Operations at Adobe. "With the increasing frequency and sophistication of these attacks, it’s essential for organizations to adopt secure authentication methods to strengthen their defenses. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organization.”
Even as the threat landscape becomes more challenging, cybersecurity budgets and staffing are not keeping pace, according to the survey. More than half (51 percent) say that cyber budgets are underfunded and only 37 percent expect budgets will increase in the next year.
Employers seeking qualified candidates for open cybersecurity roles are especially seeking prior hands-on experience (73 percent) and credentials held (38 percent). Respondents indicate that the main skills gaps they see in cybersecurity professionals are soft skills (51 percent)—especially communication, critical thinking and problem solving—and cloud computing (42 percent).
While recruiting cybersecurity professionals remains a pain point for many organizations, so is retention. More than half of survey respondents (55 percent) reported having difficulties retaining qualified cyber candidates, noting the main reasons for leaving being: 1) recruitment by other companies (50 percent, down eight points from 2023), poor financial incentives (50 percent), 2) limited promotion and development opportunities (46 percent), and 3) high work stress levels (46 percent).
“Organizations must advocate for increased investment in cybersecurity, even amid financial uncertainty, to protect against escalating cyber threats,” writes Pablo Ballarin Usieto, a member of the ISACA Emerging Trends Working Group. “Simultaneously, the industry needs to attract and retain younger talent to prepare for the impending retirement wave of experienced professionals. Lastly, companies should actively engage in AI development, leveraging its capabilities to bolster their defenses against a backdrop of geopolitical tension and economic volatility.”
A complimentary copy of ISACA’s 2024 State of Cybersecurity survey report can be accessed at h04.v6pu.com/state-of-cybersecurity-2024. For more cybersecurity resources from ISACA, visit h04.v6pu.com/cybersecurity.