-

State of the Cybersecurity Workforce: New ISACA Research Shows Highest Retention Difficulties in Years

SCHAUMBURG, Ill.--(BUSINESS WIRE)--The Great Resignation is plaguing industries across the board—but it’s especially challenging within in-demand fields like cybersecurity. According to ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations, organizations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps.

The eight annual survey features insights from more than 2,000 cybersecurity professionals around the globe, and examines cybersecurity staffing and skills, resources, cyberthreats and cybersecurity maturity.

Hiring and retention challenges

As in past years, filling cybersecurity roles and retaining talent continues to be a challenge for many enterprises. Sixty-three percent of respondents indicate they have unfilled cybersecurity positions, up eight percentage points from 2021. Sixty-two percent report that their cybersecurity teams are understaffed. One in five say it takes more than six months to find qualified cybersecurity candidates for open positions.

Sixty percent of respondents report difficulties retaining qualified cybersecurity professionals, up seven percentage points from 2021. The top reasons that cybersecurity professionals are leaving their jobs include:

  1. Recruited by other companies (59 percent)
  2. Insufficient salary or bonus (48 percent)
  3. Limited advancement opportunities (47 percent)
  4. High stress levels (45 percent)
  5. Poor management support (34 percent)

Skills gaps and mitigation

Respondents note that the top skills gaps they see in today’s cybersecurity professionals are soft skills (54 percent), cloud computing (52 percent) and security controls (34 percent). Soft skills also top the list of skills gaps among recent graduates, at 66 percent.

To address these skills gaps, respondents note that cross training of employees and increased use of contractors and consultants (up five percentage points from the year prior) are the main ways they mitigate technical skill gaps. Just over half (52 percent) say their enterprises require university degrees, a six-percentage-point decrease from 2021.

“The Great Resignation is compounding the long-standing hiring and retention challenges the cybersecurity community has been facing for years, and systemic changes are critical,” says Jonathan Brandt, ISACA Director, Professional Practices and Innovation. “Flexibility is key. From broadening searches to include candidates without degrees to providing support, training and flexible schedules that attract and retain qualified talent, organizations can move the needle in strengthening their teams and closing skills gaps.”

Budgets Leveling

Forty-two percent say their cybersecurity budgets are appropriately funded—the highest percentage in eight years, up five percentage points from 2021, and the most favorable report since ISACA began doing this survey. Fifty-five percent of respondents also expect their enterprises to have budget increases, while 38 percent expect no change, and multiyear data suggests budgets are leveling.

Threat Landscape

This year, 43 percent of respondents indicate that their organization is experiencing more cyberattacks, an eight-percentage-point increase from 2021.

Enterprise reputation (79 percent), data breach concerns (70 percent) and supply chain disruptions (54 percent) are the top concerns related to cyberattacks for respondents. While ransomware attacks top the headlines, the survey found that ransomware attacks have remained virtually unchanged from last year, at 10 percent. Other top types of cyberattacks experienced in the past year include:

  1. Social engineering (13 percent)
  2. Advanced persistent threat (12 percent)
  3. Security misconfiguration (10 percent)
    Ransomware (10 percent)
  4. Unpatched system (9 percent)
    Denial of service (9 percent)

Despite the threats they face, 82 percent of respondents—an all-time high, and a five-percentage-point increase from last year—indicate they are confident in their cybersecurity team’s ability to detect and respond to cyberthreats.

Cybermaturity

When it comes to cyberrisk assessments, 41 percent of survey respondents say their enterprises conduct them annually, up two percentage points from last year. One-third of respondents say their enterprise conducts them more than annually.

Learn More

Brandt and Mark St. John, senior vice president, product, at LookingGlass Cyber Solutions, will discuss these findings further in a free webinar taking place on 31 March at 12:00 PM EDT (4 PM UTC). To register, visit https://store.isaca.org/s/lt-event?id=a334w000004gM03AAE.

“It’s important to understand the trends across the community over time as well as how one’s organization compares. This is necessary information to help advance the field as a whole, and we’re proud to be a part of sharing and disseminating these insights,” says Mary Yang, Chief Marketing Officer at LookingGlass Cyber Solutions. “LookingGlass is thrilled to support the cybersecurity community by partnering with ISACA on this report.”

The State of Cybersecurity 2022 survey report is free at www.isaca.org/state-of-cybersecurity-2022.

About ISACA

ISACA leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters.

Contacts

Emily Van Camp, evcamp@isaca.org, +1.847.385.7223

ISACA



Contacts

Emily Van Camp, evcamp@isaca.org, +1.847.385.7223

More News From ISACA

ISACA Introduces the CISA Associate

SCHAUMBURG, Ill.--(BUSINESS WIRE)--Ninety-two percent of independent hiring managers agree that a Certified Information Systems Auditor (CISA) exam passer demonstrates significant skill in IT audit and possesses a hiring edge, according to a recent ISACA survey. ISACA now offers a new designation to recognize individuals who have realized this accomplishment—the CISA Associate. The new designation is designed for those students who have passed the CISA exam, and are ISACA members at any level,...

AI Use Is Outpacing Policy and Governance, ISACA Finds

LONDON--(BUSINESS WIRE)--Nearly three out of four European IT and cybersecurity professionals say staff are already using generative AI at work – up ten points in a year – but just under a third of organisations have put formal policies in place, according to new ISACA research. The use of AI is becoming more prevalent within the workplace, and so regulating its use is best practice. Yet not even a third (31%) of organisations have a formal, comprehensive AI policy in place, highlighting a disp...

ISACA Poll: 89% of Digital Trust Pros Say Increased AI Skills and Knowledge Needed to Retain Job or Advance Career Over Next Two Years

SCHAUMBURG, Ill.--(BUSINESS WIRE)--As artificial intelligence (AI) continues to reshape the workplace, new ISACA research reveals that digital trust professionals are feeling the pressure to upskill—or risk falling behind. ISACA’s 2025 AI Pulse Poll provides a crucial snapshot into how digital trust professionals and their organizations are approaching AI training and skill development, as well as the potential risks associated with AI adoption—ultimately shaping the future of work. ISACA’s ann...
Back to Newsroom