Dawn Hudson - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

ISACA: Majority of enterprises report cybersecurity workforce shortage

In its new 2015 Global Cybersecurity Status Report, ISACA finds that most organizations are aware of cyberattack risk, but few believe they have the capability to thwart a sophisticated attack.

Research from a prominent information technology association indicates that a majority of global enterprises see cyberattacks as a top business threat, but are unable to fend off sophisticated attacks, in part due to the shortage of skilled information security professionals.

Today ISACA, a Rolling Meadows, Ill.-based IT consortium, released its 2015 Global Cybersecurity Status Report, based on a survey of more than 3,400 business and IT professionals in nearly 130 countries, though approximately 43% of respondents live in North America.

ISACA found a growing awareness of cybersecurity among respondents: 46% indicated they expect their organizations will face a cyberattack this year, and 83% cited cyberattacks as one of the top three threats facing organizations today.

Yet only 38% were confident that their organizations were prepared to fend off a sophisticated cyberattack, and that may be in part because of the longstanding cybersecurity workforce shortage: 86% of respondents acknowledged that there is indeed a global shortage of skilled cybersecurity professionals.

"As the world grapples simultaneously with escalating cyberattacks and a growing skills shortage, ISACA believes that it is absolutely essential to develop and train a robust cybersecurity workforce," said Robert E. Stroud, international president of ISACA and vice president of strategy and innovation at New York-based CA Technologies Inc., in a statement. 

However, respondents indicated that identifying a qualified information security professional is a difficult task for enterprises, particularly when considering job candidates who lack experience. When hiring new graduates for entry-level cybersecurity positions, 54% of those who took the survey said it is difficult to identify who has an adequate level of skills and knowledge.

The shortage of capable information security professionals has been long-discussed; Cisco Systems Inc. last year estimated the security industry could use at least 1 million more people, while (ISC)2 Inc. has intimated the shortage is even worse.

ISACA itself has conservatively estimated that the cybersecurity industry needs between 600,000 and 900,000 more people to meet the demand. In an effort to address the shortfall, the consortium last year launched the Cybersecurity Nexus, a multistage career-development program designed to not only help usher new infosec pros into the field, but also offer research, guidance, certificates and certifications, education, mentoring and community collaboration to support ongoing skills development and career advancement.

"With an unemployment rate of approximately 2%, there is a critical shortage of professionals in the cybersecurity field," said Marc Noble, ISACA's cybersecurity practices manager, in a statement. "The need for cyber professionals is growing exponentially along with the growth in networks and applications that are proliferating among the public."

Nearly 25% of ISACA's 120,000 members worldwide work in information security. In October the organization will hold its first CSX information security conference in Washington, D.C.

Next Steps

Executive Editor Eric Parizo discusses how non-traditional employee recruitment may remedy security hiring woes.

Dig Deeper on Information security certifications, training and jobs