The global study by ISACA corroborates the on-ground reality in India. According to an estimate, the shortage of cybersecurity workforce in India is 9 percent higher than the global average. India needs about 1 million cybersecurity professionals, according to an estimate by the Data Security Council of India. The survey also indicated that 60% of organizations surveyed are fully staffed in-house to only “respond” to security threats and breaches, while nearly an equal number, 59%, are equipped to proactively “protect” cyberattacks.
According to findings of the State of Cybersecurity 2021 Part 1 survey report prepared by ISACA in partnership with HCL Technologies, though the cybersecurity industry has not been as negatively impacted by the pandemic as others, it continues to experience ongoing challenges in hiring and retention, with 49% of the respondents saying that they have unfilled positions in the stream.
At a time when the focus is on security and data protection in the backdrop of data breaches in the wake of the pandemic, 78% of the respondents felt that a prior hands-on experience in cybersecurity role is necessary to help organizations sail through their cybersecurity requirements. However, 53% of the respondents felt that less than half of their applicants are well qualified for the position for which they are applying.
Globally, though the survey noted the cybersecurity workforce was mainly spared the pandemic devastation experienced by other professions. It found that longstanding issues persist, including:
- 46%of respondents indicate that their cybersecurity teams are understaffed.
- 49% say they have unfilled cybersecurity positions.
- 53% say their cybersecurity applicants are not well qualified.
- Only 41%say HR regularly understands their cybersecurity hiring needs.
Impact of COVID-19 Pandemic on Security Spending
The pandemic has put the spotlight on organizations’ data protection and privacy. To this end, 42% of the respondents felt they were appropriately funded for security function while more than half the respondents said that spending on security technology initiatives has increased during the pandemic.
Hiring and Skills Challenges Persist, Especially with Recent Graduates
Among a host of factors plaguing the industry, poor financial incentives stood out as the most visible reason that cybersecurity professionals are leaving their jobs,at 45%, followed by limited promotion and development opportunities at 44%. 49% of the respondents said they had unfilled positions in their organization, and 51% indicated that it takes anywhere between three to six months to fill an open position. At the same time, only 41% of the respondents felt that the HR department understands their organization’s cybersecurity hiring needs to properly pre-screen candidates. On skill gaps, 44% of the respondents said that security controls is the biggest skill gap they see in today’s cybersecurity professionals. Fortunately, more than half the respondents said they are training non-security staff who are interested in taking up security roles.
Organizations are addressing the problem through:
- Training non-security staff who are interested in moving to security roles (52%)
- Increasing use of reskilling programs (46%)
- Increasing use of performance-based training to attest to actual skill mastery (37%)
- Increasing usage of contract employees or outside consultants (35%)
- Increasing reliance on AI/automation (31%)
“The COVID-19 pandemic and the resultant remote working has further emphasized the need for a robust cybersecurity approach. Upskilling, reskilling professionals to be able to quickly understand and address threats of data breaches and privacy is the need of the hour. For training and development of professionals to address the skill gaps in cybersecurity, the government, academia and industry will have to collaborate with each other. It is not only important to better prepare fresh graduates, but also bring a wider pool from all streams and equip them with the skills needed to succeed in cybersecurity career,” said R.V. Raghu, Member of ISACA’s Emerging Trends Working Group and Director at Versatilist Consulting India Pvt Ltd.