ISACA Publishes 8th Annual Cybersecurity Survey in India
This year’s survey results in India depict that 60% of the organizations have unfilled cybersecurity positions and that 42% report their organization’s cybersecurity team is understaffed.
Cybersecurity has been coming up as one of the most crucial factors whose demand is growing every day as India ranks second only to the US in most security threats on the cloud, followed by Australia, Canada and Brazil.
Cybersecurity skills demand in the country is slated to grow, reflecting the global trend of an increasing skills gap in cybersecurity and a workforce unable to meet industry demand.
ISACA has published its eighth annual cybersecurity survey in India as it reveals an increase in cybersecurity hiring and retention challenges in the country.
According to ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyber Operations, sponsored by Looking Glass Cyber Solutions, organizations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps.
Speaking at a press briefing to unveil the report, Chris Dimitriadis, ISACA Chief Global Strategy Officer, said, “Challenges in hiring and retaining cybersecurity professionals have impacted organizations around the world for years, and have only become more complex amid the pandemic and larger shifts in the global workforce. ISACA is addressing those challenges globally by building a workforce of digital trust professionals, who have more holistic and correlated views from the adjacent professions of cybersecurity, IT audit, risk, privacy and digital technology governance, while also offering state of the art tools in cyber maturity assessments.”
R.V Raghu, ISACA Ambassador in India and past ISACA Board Director, added, “A strong cybersecurity workforce with cutting-edge skills is essential in the face of evolving technology and an ever-changing cyber threat landscape to support much-needed digital trust. Hands-on training, credentials, networking and sharing best practices through the cybersecurity community globally and in India, including through organizations like ISACA, can help cybersecurity professionals in India not only strengthen their skillsets and keep advancing their careers but also ensure they are keeping their enterprises protected against the latest cyber threats.”
“It’s important to understand the trends across the community over time as well as how one’s organization compares. This is necessary information to help advance the field as a whole, and we’re proud to be a part of sharing and disseminating these insights,” says Mary Yang, Chief Marketing Officer at Looking Glass Cyber Solutions. “Looking Glass is thrilled to support the cybersecurity community by partnering with ISACA on this report.”
This year’s survey results in India depict that 60% of the organizations have unfilled cybersecurity positions and that 42% report their organization’s cybersecurity team is understaffed. Even more concerning is that 59% believe that less than half of their applicants are well qualified for the position they are applying for.
Hiring and retention challenges
As in past years, filling cybersecurity roles and retaining talent continues to be a challenge for many enterprises. Sixty-three percent of global respondents indicate they have unfilled cybersecurity positions and India reflects the same trend with 60% unfilled positions.
Sixty-two percent of India-based respondents say it takes three to six months for their organizations to find qualified cybersecurity candidates for open positions, compared to 47% globally.
For respondents in India, the top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (77%), credentials (45%) and hands-on training (38%). Two in three (65%) respondents report difficulties retaining qualified cybersecurity professionals, a 14 percentage-point increase from 2021.
Skills gaps and mitigation
Respondents from India indicate they are looking for a range of skills in candidates, noting the top skills gaps they see in today’s cybersecurity professionals are soft skills (53%), cloud computing (48%)—a new response option for this question—and security controls implementation (42%).
The top three most required security skills are cloud computing (51%), identity & access management (45%) and data protection (44%). Among the top soft skills deemed important are critical thinking (53%), communication (52%) and problem-solving (44%).
Fifty-nine percent of respondents in India believe that less than half of their applicants are well qualified for the position for which they are applying. India-based respondents note that their organizations are undertaking multiple measures to decrease cybersecurity skills gaps such as training to allow non-security staff who are interested to move into security roles (58%), increased use of reskilling programs (44%), increased usage of consultants and external staff (38%), and increased use of performance-based training (36%).
This year, 33% of respondents in India indicate that their organization is experiencing more cyber-attacks compared to a year ago. When asked about their main concerns related to cyberattacks, organizational reputation (86%), data breach concerns (78%) and cyber-attack on supply chain or business disruption (63%) rank top of mind for India-based respondents.
Despite the threats they face, 79% of respondents in India indicate they are confident in their organization’s cybersecurity team’s ability to detect and respond to cyber threats.
While 48% of respondents in India opine that their cybersecurity budgets are appropriately funded, 31% perceive their budget is underfunded, compared to 54% globally.
Fifty-nine percent of Indian respondents expect some level of increase in cybersecurity budgets, while only 17% of respondents in India, almost half of the global number of 38%, expect no change in budgets.
The survey features insights from more than 2,000 cybersecurity professionals around the globe and examines cybersecurity staffing and skills, resources, cyber threats and cybersecurity maturity.