The top reasons cited for the heightened stress levels among Indian cybersecurity professionals include an increasingly complex threat environment
A recent survey by ISACA, a global professional association advancing trust in technology, has revealed that 63 per cent of cybersecurity professionals in India are experiencing higher levels of stress compared to five years ago. The data comes from the 2024 **State of Cybersecurity Report**, sponsored by Adobe, which surveyed more than 1,800 cybersecurity professionals worldwide, including 122 respondents from India. The report highlights growing concerns related to the cybersecurity workforce and the increasing complexity of the threat landscape.
The top reasons cited for the heightened stress levels among Indian cybersecurity professionals include an increasingly complex threat environment, insufficiently trained staff, ongoing challenges with hiring and retaining skilled talent, inadequate cybersecurity budgets, and the lack of prioritisation of cybersecurity risks by organisations.
According to the report, 29 per cent of respondents in India said their organisations have witnessed an increase in cybersecurity attacks, including social engineering, malware, denial-of-service (DoS), and zero-day exploits. Despite this growing threat, more than half of the respondents expressed confidence in their team’s ability to detect and respond to cyber threats, although many anticipate a cyberattack within the next year.
Mike Mellor, Vice President of Cyber Operations at Adobe, commented on the rising concern over social engineering attacks, such as phishing, which continue to pose a serious threat due to human error. “It is essential for organisations to adopt secure authentication methods and build a strong security culture. Combining anti-phishing training with stronger controls, like zero-trust networks protected by phishing-resistant authentication, is critical in safeguarding organisations,” Mellor stated.
The report also revealed a concerning trend: despite the growing complexity of cyber threats, cybersecurity budgets and staffing are not keeping pace. Nearly half of the respondents from India reported that their cybersecurity budgets are underfunded, and 46 per cent said their teams are understaffed. Additionally, 48 per cent of Indian organisations have open positions for non-entry-level cybersecurity roles, while only 24 per cent have entry-level positions available.
R.V. Raghu, director of Versatilist Consulting India Pvt Ltd and ISACA India Ambassador, pointed out the need for organisations to address these challenges. “Despite the increasing awareness of cybersecurity threats, many organisations in India continue to underfund their cybersecurity efforts. With 87 per cent of cybersecurity professionals identifying a complex threat landscape as a top stressor and 40 per cent pointing to underfunded budgets, it’s clear that more needs to be done to support these teams,” Raghu said. He emphasised the importance of better resource allocation, enhanced training, and a stronger focus on building resilient cybersecurity teams.
The report also highlighted the main skills gaps among Indian cybersecurity professionals, with cloud computing (48 per cent) and security control implementation (40 per cent) being the top areas where expertise is lacking. Moreover, more than half of the respondents reported difficulties in retaining qualified cybersecurity candidates. The top reasons for high turnover include limited opportunities for promotion and professional development, inadequate financial incentives, high stress levels, lack of management support, and limited opportunities for remote work.
ISACA’s 2024 State of Cybersecurity Report underlines the mounting pressure on India’s cybersecurity professionals, driven by a rapidly evolving threat landscape and organisational challenges. To mitigate these challenges, the report calls for increased investment in cybersecurity resources, better training programmes, and more robust support systems to strengthen teams and improve their ability to handle future threats.