Forty per cent of respondents in India said their cyber security teams are understaffed, according to ISACA’s ninth annual research report on the cyber security threat landscape, hiring, and budgets. The report, sponsored by Adobe, included insights from 113 security leaders in India.
The research said progress has been made in addressing employee retention but it continues to be a challenge. Sixty-nine per cent of survey respondents said they have difficulty in retaining qualified cyber security professionals.
When hiring cyber security professionals, India-based respondents said they are looking for five key technical skills: Cloud computing (46 per cent), penetration testing (42 per cent), forensics (38 per cent), identity and access management (38 per cent), and data protection (38 per cent).
When looking at soft skills, critical thinking (59 per cent), problem solving (51 per cent), decision making (49 per cent), communication (47 per cent), and leadership qualities (33 per cent) come in as the top five skills global employers in India are seeking in cyber security job candidates.
Respondents in India listed what cyber security professionals are lacking: Cloud computing (50 per cent), soft skills (43 per cent), security controls (43 per cent), network related topics (41 per cent), and pattern analysis (35 per cent) as being the biggest skills gaps they see today.
To mitigate these technical skills gaps, respondents indicate their top five approaches are training non-security staff who are interested in moving into security roles (55 per cent), increasing use of reskilling programs (46 per cent), using performance-based training (33 per cent), leveraging AI/automation (32 per cent), and increasing usage of contract employees or outside consultants (30 per cent).
“The soft skills gaps we see among cyber security professionals are part of a concerning systemic issue that our industry needs to take seriously,” said Jon Brandt, ISACA’s director of Professional Practices and Innovation. “While there is no simple solution, addressing these needs with a collaborative approach that goes beyond traditional academia to involve hands-on training, mentorship, and other learning pathways can make an impact not only on individual skillsets and enterprise security outcomes, but also on the integrity of the profession as a whole.”
When looking at the cyber security threat landscape, nearly 55 per cent of Indian respondents indicated that their organisation is experiencing more cyber attacks compared to a year ago. Despite the difficult threat landscape, 63 per cent are very or completely confident in their cyber security team’s ability to detect and respond to cyber threats.
