'Great Resignation' Depletes Already Hard-to-Find Cybersecurity Talent
Survey after survey in the IT industry point to one common pain point: finding cloud computing, cybersecurity and other tech talent to fulfill enterprise initiatives. It was bad before the wave of pandemic-spurred job-quitting and apparently has only gotten worse. And that's during a time of increasing ransomware and other cybersecurity attacks.
"The Great Resignation is plaguing industries across the board -- but it's especially challenging within in-demand fields like cybersecurity," said the ISACA in announcing a new survey report titled "State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations."
Furthermore, said the international professional association focused on IT governance, "Organizations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps."
This is the eight annual survey from the organization, providing insights from more than 2,000 cybersecurity professionals around the globe in an examination of cybersecurity staffing and skills, resources, cyberthreats and cybersecurity maturity.
Its finding that mass resignations during the pandemic only exacerbated a serious pre-existing problem is evidenced by articles that report the cited struggle in "managing skills gaps" such as:
"As in past years, filling cybersecurity roles and retaining talent continues to be a challenge for many enterprises," the ISACA said. "Sixty-three percent of respondents indicate they have unfilled cybersecurity positions, up eight percentage points from 2021. Sixty-two percent report that their cybersecurity teams are understaffed. One in five say it takes more than six months to find qualified cybersecurity candidates for open positions."
What's more, some 60 percent of respondents said it was hard to retain cybersecurity professionals, a number that's up seven percentage points from last year. One of the causes of that is the poaching of talent from other organizations, as the top reasons cited for leaving jobs include:
- Recruited by other companies (59 percent)
- Insufficient salary or bonus (48 percent)
- Limited advancement opportunities (47 percent)
- High stress levels (45 percent)
- Poor management support (34 percent)
Other highlights of the report as presented by ISACA include:
- Any positive effect that the global COVID-19 pandemic had on retention last year wore off. Enterprises are engaged in a powerful battle to retain cybersecurity staff.
- Soft skills and cloud-computing skills are the top two skill gaps that survey respondents see in today's cybersecurity professionals. Regarding recent university graduates, respondents highlight soft skills again this year as the area of greatest concern; however, technical skills appear to be improving.
- To address skill gaps, cross training of employees and increased use of contractors and consultants remain primary mitigations.
- The trend to require a university degree for entry-level cybersecurity positions is reversing. A smaller percentage of enterprises are requiring university degrees.
The survey was conducted in the fourth quarter of 2021, polling a global population of cybersecurity professionals who hold the ISACA Certified Information Security Manager (CISM) certification or who registered information security job titles.
Note that the cybersecurity talent shortage is so severe that sister publication RedmondMag this week reported: "Microsoft Expanding Cybersecurity Worker Shortage Initiative."
"In three years there will be 3.5 million vacant cybersecurity jobs across the globe," the article says. "And that's going to lead to real problems in addressing the growing threat landscape, according to Microsoft."
David Ramel is an editor and writer for Converge360.