Schaumburg, IL, USA — On October 1 sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.
The annual study, sponsored by Adobe, showcases the feedback of more than 1,800 cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape. According to the data, the top reasons for this increased stress are:
- An increasingly complex threat landscape (81 percent)
- Low budget (45 percent)
- Worsening hiring/retention challenges (45 percent)
- Insufficiently trained staff (45 percent)
- Lack of prioritization of cybersecurity risks (34 percent).
Increasing Cybersecurity Attacks
In line with this sentiment around challenging threats, 38 percent of organizations are experiencing increased cybersecurity attacks, compared to 31 percent a year ago. These top attack types include social engineering (19 percent), malware (13 percent), unpatched system (11 percent) and Denial of Service (11 percent).
On top of that, nearly half (47 percent) expect a cyberattack on their organization in the next year, and only 40 percent have a high degree of confidence in their team’s ability to detect and respond to cyber threats.
“Social engineering attacks, such as phishing, are a growing concern for organizations as human error remains a major factor in data breaches," said Mike Mellor, VP of Cyber Operations at Adobe. "With the increasing frequency and sophistication of these attacks, it’s essential for organizations to adopt secure authentication methods to strengthen their defenses. Adobe believes that fostering a deep security culture among all employees through anti-phishing training and stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organization.”
Resource Challenges
Despite an increasingly tricky threat landscape, the survey shows cybersecurity budgets and staffing need to catch up. More than half (51 percent) say that cyber budgets are underfunded (up from 47 percent in 2023), and only 37 percent expect budgets to increase next year.
Though 57 percent of organizations say their cybersecurity teams are understaffed, hiring has slightly slowed:
- 38 percent of organizations have no open positions, compared to 35 percent last year,
- 46 percent of organizations have non-entry level cybersecurity positions open, compared to 50 percent last year.
- 18 percent have entry-level positions open, compared to 21 percent last year.
Skills and Retention Trends
Employers seeking qualified candidates for open roles prioritize prior hands-on experience (73 percent) and credentials held (38 percent). Respondents indicate that the primary skills gaps in cybersecurity professionals are soft skills (51 percent)—especially communication, critical thinking, and problem-solving—and cloud computing (42 percent).
For the more than half of survey respondents (55 percent) who reported having difficulties retaining qualified cyber candidates, the main reasons for leaving included being recruited by other companies (50 percent, down eight points from 2023), poor financial incentives (50 percent), limited promotion and development opportunities (46 percent), and high work stress levels (46 percent).
“Employers should home in on the occupational stress their digital defenders face. This is an opportunity for employers to explore ways to support staff before burnout and attrition occur,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “Employees want to feel valued. As the leadership adage goes, take care of your people, and they'll take care of you.”
ISACA is a global community that has been around for over 50 years. It helps people and organizations build digital trust and provides knowledge, credentials, education, and training. ISACA has more than 180,000 members who work in fields like information security and risk management. ISACA operates in 188 countries and has 225 chapters worldwide. The ISACA Foundation supports IT education for underrepresented groups. ISACA's goal is to create a more trusted and ethical digital world.
