Cybersecurity hiring slows, pros’ stress levels rise
66% of cybersecurity professionals say their role is more stressful now than it was five years ago, according to ISACA.
Major contributors to rising stress levels among cybersecurity professionals
According to the data, the top reasons for increased stress among cybersecurity professionals are:
- An increasingly complex threat landscape (81%)
- Low budget (45%)
- Worsening hiring/retention challenges (45%)
- Insufficiently trained staff (45%)
- Lack of prioritization of cybersecurity risks (34%).
In line with this sentiment around challenging threats, 38% of organizations are experiencing increased cybersecurity attacks, compared to 31% a year ago. These top attack types include social engineering (19%), malware (13%), unpatched system (11%) and denial-of-service (11%).
On top of that, 47% expect a cyberattack on their organization in the next year, and only 40% have a high degree of confidence in their team’s ability to detect and respond to cyber threats.
“Social engineering attacks, such as phishing, are a growing concern for organizations as human error remains a major factor in data breaches,” said Mike Mellor, VP of Cyber Operations at Adobe. “With the increasing frequency and sophistication of these attacks, it’s essential for organizations to adopt secure authentication methods to strengthen their defenses. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organization.”
Cybersecurity budgets and staffing fail to keep up with threats
Despite an increasingly difficult threat landscape, the survey shows cybersecurity budgets and staffing are not keeping pace. 51% say that cyber budgets are underfunded (up from 47% in 2023), and only 37% expect budgets will increase in the next year.
Though 57% of organizations say their cybersecurity teams are understaffed, hiring has slightly slowed. 38% of organizations have no open positions, compared to 35% last year. 46% of organizations have non-entry level cybersecurity positions open, compared to 50% last year. 18% have entry-level positions open, compared to 21% last year.
Employers seeking qualified candidates for open roles are prioritizing prior hands-on experience (73%) and credentials held (38%). Respondents indicate that the main skills gaps they see in cybersecurity professionals are soft skills (51%)—especially communication, critical thinking and problem solving—and cloud computing (42%).
Economic conditions appear to be discouraging employees from leaving current jobs—especially within the United States.
55% of respondents that reported having difficulties retaining qualified cyber candidates, the main reasons for leaving included being recruitment by other companies (50%, down eight points from 2023), poor financial incentives (50%), limited promotion and development opportunities (46%), and high work stress levels (46%).
“Employers should home in on the occupational stress their digital defenders are facing. This is an opportunity for employers to explore ways to support staff before burnout and attrition occur,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “Employees want to feel valued. As the leadership adage goes, take care of your people and they’ll take care of you.”
Fill out the form to get your free eBook: