Report: Cybersecurity Understaffing Lowers Ability to Handle Cyber Threats

Jun 09, 2020

Understaffing in cybersecurity teams remains a major challenge for organizations, with 62% of respondents in a recent ISACA survey saying they are struggling with it. And even though the number of understaffed organizations fell by seven percentage points from last year, staffing issues are making some organizations more vulnerable to cyberattacks.

Concerns over the ability to respond to threats are widespread, according to ISACA’s State of Cybersecurity 2020 Survey Part 2 report, which gathered responses from 2,000 respondents in 102 countries. Only 21% of respondents in “significantly understaffed” organizations say they are completely or very confident in their organization’s ability to respond to threats, while those who designate their cybersecurity teams as “appropriately staffed” have a 50% confidence level.

The relationship between staffing and preparedness to deal with threats is well understood, so it isn’t surprising that understaffed security teams have less confidence in their ability to protect their organizations.

Unfortunately, the prospects for filling cybersecurity vacancies are slim for many organizations. The cybersecurity profession is in the midst of an acute shortage of qualified workers. (ISC)²’s 2019 Cybersecurity Workforce Study put the estimate of a global shortage at 4.07 million.

Imminent Threats

Not only do cybersecurity professionals worry about their ability to respond to attacks, but many also believe cyberattacks are imminent. Slightly more than half of respondents (53%) in the ISACA survey believe their organization is likely to experience one within 12 months.

And though attacks appear to be increasing at a slower pace than in the past, according to the study, the upward trend continues. As it does, the study revealed some disturbing practices. Most respondents (62%) believe their organizations fail to report cybercrimes, even when legally or contractually obligated to do so.

Other research completed since the start of the COVID-19 pandemic reveals that attacks are up, as cybercriminals try to exploit the sudden, steep increase in work-from-home numbers. This echoes the findings of the (ISC)² COVID-19 Cybersecurity Pulse Survey, in which 23% of respondents indicated they had seen an increase in security incidents during the pandemic, some as much as double the normal volume. The ISACA study revealed that the most common types of attack are social engineering (15%), advanced persistent threats (10%) and ransomware and unpatched systems (both 9%).

Organizations that struggle to fill vacant cybersecurity positions appear to be more vulnerable. The study found that 42% of them are experiencing more attacks this year. In addition, 35% of respondents in companies taking three months to hire cybersecurity workers reported an increase in attacks, as did 38% of those taking six months or more.

The (ISC)² Cybersecurity Workforce Study outlines four key strategies organizations should consider in recruiting and building strong cybersecurity teams. Read about them here: https://blog.isc2.org/isc2_blog/2019/11/strategies-for-building-a-cybersecurity-dream-team.html