Across Europe, cyber security professionals feel increasingly constrained and restricted, according to data produced at professional association ISACA, which reveals 61% think their teams are understaffed, and 52% think their teams are underfunded despite predicted rises in spending, leaving them unable to keep pace with the threat environment, and putting those they are charged with protecting at risk.
ISACA’s study of almost 2,000 ISACA members, based on a wider survey conducted in May, found that these struggles were also having an impact on the wellbeing of cyber pros, with 68% feeling their work was more stressful now that it was in 2019, and 79% of those attributing that to the threat landscape, which is arguably far more complex today than it was on the eve of the Covid-19 pandemic.
Nor did respondents feel there was likely to be any let up, with 58% fully expecting to have to deal with a cyber attack in the next 12 months – a figure that has increased by six percentage points since 2023.
“In an increasingly complex threat landscape, it is vital that, as an industry, we overcome these hurdles of underfunding and under-staffed teams. Without strong, skilled teams, the security resilience of whole ecosystems is at risk – leaving critical infrastructure vulnerable,” said ISACA chief global strategy officer Chris Dimitriadis.
Skills shortage
Despite the obvious need for cyber security skills, ISACA’s data shows that this demand is still going unmet, with 19% of respondents saying they had open, unfilled positions at entry-level and 48% saying they had open, unfilled positions requiring either a certain degree of experience, a degree, or other cyber-related credentials.
These figures are dropping slightly compared to 2023 – down from 22% and 53% respectively, but, said Dimitriadis, the struggle to attract the right, skilled candidates is clearly ongoing.
In terms of skills sets required, 52% of respondents said it was soft skills that are most lacking among cyber pros – something that is becoming increasingly important as security practitioners are called on to work away from technology, such as when communicating with board leadership during a crisis management situation, or guiding employees through security training.
Communication skills was felt to be the top soft skill in demand, following by problem-solving and critical thinking.
“The cyber security industry will massively benefit from a diverse range of people – each with different skills, experiences and perspectives. This is the key to plugging the skills gap. Once talent enters the industry, businesses can then train and upskill new entrants on the job with cyber certifications and qualifications,” said Dimitriadis.
Mike Mellor, vice-president of security engineering at report sponsor Adobe, added: “With the increasing frequency and sophistication of cyber attacks, it’s essential for organisations to adopt secure authentication methods to strengthen their defences.
“Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organisation.”