52% of cyber professionals feel that their budget is underfunded

Cybersecurity teams are under strain, as 61% of European cybersecurity professionals say that their organisation’s cybersecurity team is understaffed, and over half (52%) believe that their organisation’s cybersecurity budget is underfunded. That’s according to new research from ISACA, the leading global professional association helping individuals and organisations in their pursuit of digital trust.

Staff and funding struggles are having an impact on wellbeing as 68% feel that their role is more stressful now compared to five years ago, with 79% putting this down to the increasingly complex threat landscape.

Two in five (41%) of respondents say they are experiencing more cyberattacks when compared to a year ago, and 29% think they are experiencing the same amount.

But respondents don’t feel the number of attacks will be slowing down any time soon. Over half (58%) state it is likely their organisation will experience a cyberattack in the next year. This has increased by 6 percentage points (52%) compared to 2023 so there needs to be more investment in the right staff and skills to prepare and respond to these attacks to limit long term damage.

Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: “In an increasingly complex threat landscape, it is vital that, as an industry, we overcome these hurdles of underfunding and under-staffed teams. Without strong, skilled teams, the security resilience of whole ecosystems is at risk – leaving critical infrastructure vulnerable.”

Despite the need for skilled teams to protect businesses, 19% say that their organisation has unfilled and open entry-level positions available, and 48% have unfilled open positions which require experience, a university degree, or other credentials. These figures have dropped only a few percentage points (from 22% and 53%) since 2023, pointing to an ongoing struggle to fill open positions.

52% of respondents say that soft skills are lacking the most amongst today’s cybersecurity professionals. Of the soft skills in question, 54% feel that communication skills (e.g. speaking and listening skills) are most important, followed by problem-solving (53%) and critical thinking (48%).

Dimitriadis added: “The cybersecurity industry will massively benefit from a diverse range of people – each with different skills, experiences, and perspectives. This is the key to plugging the skills gap. Once talent enters the industry, businesses can then train and upskill new entrants on the job with cyber certifications and qualifications.”

Mike Mellor, Vice President, Security Engineering at Adobe, who sponsored the research, said: “With the increasing frequency and sophistication of cyberattacks, it’s essential for organisations to adopt secure authentication methods to strengthen their defences. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organisation.”

Notes to Editors

On May 3, 2024, an online survey was sent to approximately 39,000 ISACA members and non-members, globally, holding a CISM certification OR having “security” in their job title, asking their opinions on the state of cybersecurity within their organization. As this respondent pool is comprised entirely of ISACA members or ISACA certification holders, within limited geographies and industries, it should not be interpreted to represent the entire IT Security population. 1,868 respondents completed the entire survey, with a margin of error of +/- 2 points at the 95% confidence level. Note that response rates vary by question.

About ISACA

For more than 50 years, ISACA® (www.isaca.org) has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its 180,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through the ISACA Foundation, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

Firstlight Group +44 7960 079 643, isacateam@firstlightgroup.io ISACA Esther Almendros, +34 692 669 772, ealmendros@isaca.org