Over half (52%) of cyber professionals are struggling to cope with budget pressures, and 61% also reported understaffed teams – the cyber industry is impacted by the strain of economic turbulence and a rising global threat landscape.
The findings were revealed in a study of nearly 2,000 ISACA members, observing the state of the cyber staffing industry and the pressures that teams face.
It was discovered that 68% of cybersecurity professionals have reported increased stress now than compared to five years ago, and nearly half (45%) of cybersecurity workers have considered quitting due to work-related stress.
Recruiting new staff was highlighted as a significant issue facing the industry, with 19% having unfilled entry-level positions and 48% having unfilled positions requiring a degree of cyber experience.
David Manfield, Associate Director for Cyber Security for Investigo, said: “Businesses are feeling the squeeze when it comes to recruiting cyber staff, reflecting talent pipeline struggles caused by tightening budgets over the past year. Boardrooms know the problem, with 30% saying that recruiting cyber staff is their main hiring concern, but the increase in the volume and complexity of cyber threats has exacerbated the issue.
“While businesses should aim to have cyber experts in place at all times, there are cost-effective options to bolster cyber defences. Recruiting interim cyber staff, for example, to evaluate and set organisation-wide cyber policies, especially during peak threat periods throughout the year, offers a more budget-friendly way to remain resilient against cyberattacks while looking to hire permanent staff,” added Manfield.
The cybersecurity workforce crisis is leaving businesses vulnerable and cybersecurity professionals overworked, with ISACA’s research also revealing that underfunding and staff shortages are exacerbating mental health challenges, especially stress and burnout.
Andy Ward, SVP International for Absolute Security, said: “The tide of cyberthreats is showing no signs of slowing down, so it’s vital that the UK continues to invest in its cyber-resilience across technology, people and protocols, even during a challenging job market and economy.
“Cyberattacks are a case of when, not if, so failing to bolster cyber-resilience will prove even more costly without the right response and recovery systems in place. In fact, our research shows the threat of attacks on underfunded teams is adding to the pressure, with 62% worried they could lose their job if their organisation was hit by a major successful attack.
“To ease the burden, security teams need greater visibility over their endpoints, especially in work-from-anywhere environments. This facilitates continuous monitoring of devices and applications to detect and flag suspicious activity, providing centralised teams with the ability to freeze or shut off potentially compromised devices to prevent threat actors from moving laterally across a network. This enables CISOs and their teams to manage larger threat surfaces while maintaining uptime for healthy devices,” added Ward.