New ISACA Research: 59 Percent of 网络安全 Teams are Understaffed

发表日期: 2023年10月2日


美国伊利诺斯州绍姆堡—New cybersecurity data hones in on where cybersecurity pros come up short, 具备软技能, 云计算, and security controls emerging as the biggest skills gaps in today’s cybersecurity professionals, 根据ISACA的年度研究报告, 《澳门赌场官方软件》, Global Update on Workforce Efforts, 资源 and Cyberoperations.

Fifty-nine percent of cybersecurity leaders say their teams are understaffed, according to the ninth annual survey—which explores the latest cybersecurity threat landscape, 招聘挑战与机遇, 和预算, 有2个以上的见解,世界各地的安全领导人. 这份报告, 由Adobe赞助, also shows that 50 percent of respondents indicated that they have job openings for nonentry level roles, 相比之下,只有21%的人有初级职位的空缺.

The research indicates some strides have been made in addressing employee retention, 但这仍然是一个挑战. More than half (56 percent) of cybersecurity leaders say they have difficulty retaining qualified cybersecurity professionals, 尽管这个数字比去年下降了4个百分点.

继续减少员工留存问题可能很困难, 然而, given that benefits offered to cybersecurity pros have been declining—potentially driven by economic uncertainty. University tuition reimbursement dropped five percentage points to 28 percent, 招聘奖金下降了两个百分点, and reimbursement of certification fees dropped by a percentage point, 与2022年相比. 

当招聘, respondents say they are looking for the following top five technical skills in cybersecurity pros:

  1. 身份和访问管理(49%)
  2. 云计算(48%)
  3. 数据保护(44%)
  4. 事件响应(44%)
  5. DevSecOps (36%)

在看软技能时, 沟通(58%), 批判性思维(54%), 解决问题(49%), teamwork (45 percent) and attention to detail (36 percent) come in as the top five skills employers are seeking in cybersecurity job candidates. The skills of empathy (13 percent) and honesty (17 percent) came in lower in importance—a noteworthy finding given that 62 percent of respondents believe organizations underreport cybercrime.

Respondents examined where cybersecurity professionals are lacking—citing soft skills (55 percent), 云计算(47%), 安全控制(35%), coding skills (30 percent) and software development-related topics (30 percent) as being the biggest skills gaps they see today.

以减轻这些技术技能差距, respondents indicate their top three approaches are training nonsecurity staff who are interested in moving into security roles (45 percent), increasing usage of contract employees or outside consultants (38 percent), 越来越多地使用再培训课程(21%). 在解决非技术技能差距时, 组织正在利用在线学习网站(53%), 指导(46%), corporate training events (42 percent) and academic tuition reimbursement (20 percent), though the use of tuition reimbursement has fallen by four percentage points.

“The soft skills gaps we see among cybersecurity professionals are part of a concerning systemic issue that our industry needs to take seriously,乔恩·勃兰特说, ISACA导演, 专业实践与创新. “虽然没有简单的解决办法, addressing these needs with a collaborative approach that goes beyond traditional academia to involve hands-on training, 指导, and other learning pathways can make an impact not only on individual skillsets and enterprise security outcomes, 也对整个行业的诚信有影响.”

在审视网络安全威胁形势时, nearly 48 percent indicate that their organization is experiencing more cyberattacks compared to a year ago. 尽管面临严峻的威胁形势, only 42 percent have a high degree of confidence in their cybersecurity team’s ability to detect and respond to cyber threats.

The top three attack concerns remain the same as last year—enterprise reputation (79 percent), data breach concerns (69 percent) and supply chain disruptions (55 percent). Respondents also indicated that social engineering (15 percent) remains the main type of cyberattack they experience, 增长两个百分点. 接下来是:

  • 高级持续威胁(11%)
  • 勒索软件(10%)
  • 安全配置错误(10%)
  • 未打补丁的系统(10%)
  • 拒绝服务(9%)
  • 敏感数据暴露(9%)

Seventy-eight percent of survey respondents say demand for technical cybersecurity individual contributors will increase in the next year, and nearly half (48 percent) expect an increased demand for cybersecurity managers. More than half (51 percent) believe that cybersecurity budgets will at least somewhat increase as well next year. 

“The cybersecurity workforce specifically faces a significant talent gap. Adobe believes that great talent can come from anywhere – and sustained investment both by our industry and governments worldwide will be critical to developing a diverse pipeline of talent to help us all address this growing gap,Maarten Van Horenbeeck说, Adobe的高级副总裁和首席安全官. “This is especially critical when it comes to being able to respond to the evolving complexity and ingenuity in the cybersecurity threat landscape, 人工智能技术加速.”

Brandt and Van Horenbeeck will discuss these findings further in a webinar taking place on 3 October at 12:00 PM EDT (16:00 UTC). 如欲登记,请浏览 = a334w000005hEsVAAU.

赠送的副本 《澳门赌场官方软件》 调查报告可在以下网址查阅 - -网络安全- 2023,以及相关资源. 更多的网络安全资源可以在


ISACA® ( is a global community advancing individuals and organizations in their pursuit of digital trust. 50多年了, ISACA为个人和澳门赌场官方下载提供了相关知识, 凭证, 教育, 培训和澳门赌场官方下载发展他们的事业, 改变他们的组织, 建立一个更可信、更有道德的数字世界. ISACA is a global professional association and learning organization that leverages the expertise of its more than 170,000 members who work in digital trust fields such as information security, 治理, 保证, 风险, 隐私和质量. 它在188个国家设有分支机构,在全球设有225个分会. 通过其基金会One In Tech, ISACA supports IT 教育 and career pathways for underresourced and underrepresented populations. 

