Cybersecurity Teams Struggle to Manage Rising Cyberattack Volumes, ISACA Study Finds

Source: ISACA
Date Published: 1 October 2024
Estimated Read Time: 3 Minutes

A new report from ISACA, a global professional association dedicated to advancing digital trust, highlights that cybersecurity teams are struggling to cope with the increasing frequency and complexity of cyber threats. The findings reveal that 61% of cybersecurity professionals in Europe consider their teams to be understaffed, and over half (52%) feel that their budgets are inadequate to meet the growing demands.

These resource challenges are taking a toll on the workforce, with 68% of professionals reporting higher stress levels compared to five years ago. A significant majority (79%) attribute this stress to a rapidly evolving and increasingly complex cyber threat landscape.

The study also indicates that 41% of respondents have seen a rise in cyberattacks over the past year, while 29% report no change in attack volume. Looking ahead, 58% expect their organizations to be targeted in the coming year—a 6% increase from the previous year’s forecast of 52%. This uptick emphasizes the need for strategic investments in staffing and skill development to improve organizational resilience and limit potential damage from cyber incidents.

ISACA’s Chief Global Strategy Officer, Chris Dimitriadis, emphasized the critical nature of addressing these shortfalls: “Given the complexity of today’s cyber threats, addressing the issues of underfunded and understaffed teams is crucial. Without strong, skilled personnel, entire digital ecosystems and critical infrastructure are at risk.”

The research also underscores the difficulty in hiring for cybersecurity roles. Currently, 19% of organizations have vacant entry-level positions, while 48% report having unfilled roles that require specific expertise or credentials. These numbers have only slightly improved from 2023, when the figures stood at 22% and 53%, respectively—indicating persistent challenges in closing the talent gap.

Soft skills are a particular area of concern, with 52% of respondents highlighting a shortage among current cybersecurity professionals. Among these, communication skills (cited by 54%) are seen as the most critical, followed by problem-solving abilities (53%) and critical thinking (48%).

Dimitriadis further noted the value of a diverse talent pool in bridging these gaps: “The cybersecurity sector can significantly benefit from bringing in individuals with varied backgrounds, skills, and perspectives. Once new talent is onboarded, companies can invest in training and certifications to enhance their technical proficiency.”

Mike Mellor, Vice President of Security Engineering at Adobe, a sponsor of the research, echoed these sentiments. He stressed the importance of integrating secure authentication practices and fostering a robust security culture within organizations. According to Mellor, measures such as zero-trust networks combined with phishing-resistant authentication methods, supported by comprehensive anti-phishing training for employees, are essential to maintaining strong cyber defenses.

Risk Cognizance GRC: Addressing the Challenges of the Modern Cybersecurity Landscape

As organizations grapple with limited budgets, understaffed teams, and a complex threat environment, Risk Cognizance’s Governance, Risk, and Compliance (GRC) platform offers a robust solution to streamline and strengthen security operations. Risk Cognizance GRC helps teams optimize resources by providing a unified platform for risk assessments, compliance management, and incident response planning.

Through its integrated tools, Risk Cognizance enables security teams to identify vulnerabilities, prioritize remediation efforts, and maintain compliance with evolving regulations—all while reducing the strain on personnel. The platform also fosters a collaborative environment where teams can easily track and report on risk management activities, ensuring transparency and alignment across departments. By leveraging Risk Cognizance GRC, organizations can build a more resilient and well-supported cybersecurity posture, even amid budget constraints and staffing shortages.