Despite the rising threats, the survey shows that cybersecurity budgets and staffing levels are not keeping up
A new report from ISACA, the global technology association, reveals that 66 per cent of cybersecurity professionals find their roles more stressful today compared to five years ago. The findings come from the 2024 State of Cybersecurity survey, which gathered responses from over 1,800 cybersecurity professionals on the workforce and the evolving threat landscape. The annual report, sponsored by Adobe, sheds light on the growing pressures in the cybersecurity field.
The top factors contributing to this increased stress include a more complex threat landscape (81 per cent ), limited budgets (45 per cent ), hiring and retention challenges (45 per cent ), insufficiently trained staff (45%), and a lack of prioritization of cybersecurity risks (34%).
Rise In Cyber Attacks
The report also highlights an increase in cyberattacks, with 38 per cent of organisations experiencing more attacks than the previous year, up from 31 per cent. The most common types of attacks include social engineering (19 per cent ), malware (13 per cent ), unpatched systems (11 per cent ), and denial of service (11 per cent ).
With the rise in attacks, nearly half (47 per cent ) of respondents expect their organisation to face a cyberattack within the next year. However, only 40 per cent expressed confidence in their team’s ability to effectively detect and respond to cyber threats.
Mike Mellor, VP of Cyber Operations at Adobe, addressed the growing concern around social engineering attacks, such as phishing: “With the increasing frequency and sophistication of these attacks, it’s essential for organisations to adopt secure authentication methods to strengthen their defenses.” He emphasised the importance of fostering a strong security culture through training and implementing measures like zero-trust networks.
Resource & Staffing Challenges
Despite the rising threats, the survey shows that cybersecurity budgets and staffing levels are not keeping up. Over half of respondents (51 per cent ) believe their cyber budgets are underfunded, an increase from 47 per cent in 2023. Only 37 per cent expect their budgets to increase in the coming year.
Staffing remains a significant challenge, with 57 per cent of organisations saying their teams are understaffed. While hiring has slowed slightly, 46 per cent of organisations still have non-entry level positions open, and 18 per cent have entry-level positions available. The figures reflect a slight decrease from last year’s report, indicating a tough hiring environment.
Skills & Retention
When seeking new talent, employers are focusing on candidates with prior hands-on experience (73 per cent ) and relevant credentials (38 per cent ). However, many organizations are facing skills gaps, particularly in areas such as communication, critical thinking, problem-solving (51 per cent ), and cloud computing (42 per cent ).
Retention is also a concern, with 55 per cent of respondents reporting difficulty in keeping qualified cybersecurity professionals. The main reasons for leaving include recruitment by other companies (50 per cent ), lack of financial incentives (50 per cent ), limited opportunities for promotion (46 per cent ), and high levels of work stress (46 per cent ).
Jon Brandt, ISACA’s Director of Professional Practices and Innovation, emphasized the need for employers to address the occupational stress their cybersecurity staff face. “This is an opportunity for employers to explore ways to support staff before burnout and attrition occur. Employees want to feel valued. As the leadership adage goes, take care of your people and they’ll take care of you,” Brandt said.
As organisations continue to face growing cyber threats, addressing workforce challenges will be key to maintaining effective defenses in an increasingly complex security environment.
