According to recent research by ISACA [4] [5], cybersecurity professionals are facing an increase in cyber-attacks [1] [2] [3] [4] [5] [6], with over half (52%) reporting a rise compared to the previous year. This surge in attacks is primarily attributed to a lack of human resources, as nearly two-thirds (62%) of respondents state that their cybersecurity teams are understaffed [3] [6].


The study conducted by ISACA highlights several concerning trends in cybersecurity. Firstly, less than 10% of organizations perform monthly cyber risk assessments [2] [5] [6], leaving them vulnerable to attacks and undetected breaches [5] [6]. This lack of regular assessment exposes businesses to potential threats. Additionally, the research reveals a global workforce shortfall of 3.4 million in cybersecurity [2], which further contributes to organizations not adequately measuring and testing their cyber defenses. Notably, 39% of organizations with unfilled cybersecurity roles are seeking to fill entry-level positions that do not require experience or a university degree [2].

To address the cyber skills gap [6], ISACA emphasizes the importance of finding individuals with the right skills to manage cybersecurity and protect businesses [4] [6], supply chains [3] [4] [6], and public sector bodies [3] [4] [6]. They suggest various strategies, including upskilling non-security staff [6], increasing the use of contractors or external consultants [6], and implementing reskilling programs [6]. Cybersecurity professionals consider hands-on experience [2] [4] [6], credentials [2] [4] [6], and completion of training courses as crucial qualifications for candidates [4] [6]. Encouraging and nurturing talent in the cybersecurity industry is vital for maintaining cyber resilience in an ever-evolving threat landscape [6].


The findings of this research have significant implications for organizations and the cybersecurity industry as a whole. The increase in cyber-attacks coupled with the shortage of skilled professionals highlights the urgent need for proactive measures. Organizations must prioritize regular cyber risk assessments to identify vulnerabilities and strengthen their defenses. Addressing the workforce shortfall requires a multi-faceted approach, including upskilling existing staff, leveraging external expertise, and investing in reskilling programs. By taking these steps, businesses can enhance their cyber resilience and protect themselves from evolving threats in the digital landscape.