According to McCafe Enterprise Advanced Threat Research Report, India ranks second only to the US in most security threats on the cloud, followed by Australia, Cannada, and Brazil. Cybersecurity skills demand in the country is slated to grow, reflecting the global trend of an increasing skills gap in cybersecurity and a workforce unable to meet industry demand.
The eighth annual cybersecurity survey from the reputed global IT association ISACA, unveiled in India recently, revealed a surge in cybersecurity hiring and retention challenges in the country.
According to ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources, and Cyber Operations, sponsored by Looking Glass Cyber Solutions, organizations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps.
According to ISACA’s reports, this year’s survey results in India depict that 60% of the organizations have unfilled cybersecurity positions and that 42% report their organization’s cybersecurity team is understaffed. Even more concerning is that 59% believe that less than half of their applicants are well qualified for the position they are applying for.
As in past years, filling cybersecurity roles and retaining talent continues to be a challenge for many enterprises. Sixty-three percent of global respondents indicate they have unfilled cybersecurity positions and India reflects the same trend with 60% unfilled positions. Sixty-two percent of India-based respondents say it takes three to six months for their organizations to find qualified cybersecurity candidates for open positions, compared to 47% globally.
For respondents in India, the top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (77%), credentials (45%), and hands-on training (38%). Two in three (65%) respondents report difficulties retaining qualified cybersecurity professionals, a 14 percentage-point increase from 2021. The top reasons that Indian respondents believe cybersecurity professionals are leaving their jobs includes:
- Poor financial incentives in terms of salary or bonus (51%)
- Limited promotion and development opportunities (50%)
- Recruited by other companies (47%)
- High work stress levels (38%)
- Lack of management support (38%)
Skills gaps and mitigation
Respondents from India indicate they are looking for a range of skills in candidates, noting the top skills gaps they see in today’s cybersecurity professionals are soft skills (53%), cloud computing (48%)—a new response option for this question—and security controls implementation (42%). Soft skills is also the second-highest skills gap cited for recent graduates (after security controls), and has seen an 11-percentage-point increase in perception as a skills gap among Indian respondents since 2021.
The top three most required security skills are cloud computing (51%), identity & access management (45%), and data protection (44%). Among the top soft skills deemed important are critical thinking (53%), communication (52%), and problem-solving (44%).
Fifty-nine percent of respondents in India believe that less than half of their applicants are well qualified for the position for which they are applying. India-based respondents note that their organizations are undertaking multiple measures to decrease cybersecurity skills gaps such as training to allow non-security staff who are interested to move into security roles (58%), increased use of reskilling programs (44%), increased usage of consultants and external staff (38%), and increased use of performance-based training (36%).
Speaking at a press briefing to unveil the report, Chris Dimitriadis, ISACA Chief Global Strategy Officer, stated, “Challenges in hiring and retaining cybersecurity professionals have impacted organizations around the world for years, and have only become more complex amid the pandemic and larger shifts in the global workforce. ISACA is addressing those challenges globally by building a workforce of digital trust professionals, who have more holistic and correlated views from the adjacent professions of cybersecurity, IT audit, risk, privacy and digital technology governance, while also offering state of the art tools in cyber maturity assessments.”
R.V Raghu, ISACA Ambassador in India and past ISACA board director, stated, “A strong cybersecurity workforce with cutting-edge skills is essential in the face of evolving technology and an ever-changing cyber threat landscape to support much-needed digital trust. Hands-on training, credentials, networking, and sharing best practices through the cybersecurity community globally and in India, including through organizations like ISACA, can help cybersecurity professionals in India not only strengthen their skillsets and keep advancing their careers, but also ensure they are keeping their enterprises protected against the latest cyber threats.”
“It’s important to understand the trends across the community over time as well as how one’s organization compares. This is necessary information to help advance the field as a whole, and we’re proud to be a part of sharing and disseminating these insights,” stated Mary Yang, Chief Marketing Officer at Looking Glass Cyber Solutions. “Looking Glass is thrilled to support the cybersecurity community by partnering with ISACA on this report.”
Threat Landscape
This year, 33% of respondents in India indicate that their organisation is experiencing more cyberattacks compared to a year ago. When asked about their main concerns related to cyberattacks, organizational reputation (86%), data breach concerns (78%) and cyber-attack on supply chain or business disruption (63%) rank top of mind for India-based respondents. They also indicated that the top types of cyber-attacks they experienced in the past year include:
- Advanced persistent threats (18%)
- Ransomware (14%)
- Denial of services (13%)
- Injection flaws (12%)
- Sensitive data exposure (12%)
Despite the threats they face, 79% of respondents in India indicate they are confident in their organization’s cybersecurity team’s ability to detect and respond to cyber threats.
Cyber maturity
When it comes to cyber risk assessments, 77% of respondents based in India say their organization currently assesses its cyber maturity. Eighty-six% say their executive leadership team sees value in conducting a cyber risk assessment and 35% say their organization performs a cyber risk assessment every 1-6 months.
Cybersecurity Budgets
While 48% of respondents in India opine that their cybersecurity budgets are appropriately funded, 31% perceive their budget is underfunded, compared to 54% globally. Fifty-nine percent of Indian respondents expect some level of increase in cybersecurity budgets, while only 17% of respondents in India, almost half of the global number of 38%, expect no change in budgets.
Press Release received on Mail