In India, 60% of the organisations have unfilled cybersecurity positions and 42% report their organisation’s cybersecurity team is understaffed, reveals the eighth annual cybersecurity survey from global IT association ISACA.

Even more concerning is that 59% believe that less than half of their applicants are well qualified for the position they are applying.

Organisations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps, says the  ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyber Operations, sponsored by Looking Glass Cyber Solutions.

India ranks second only to the US in most security threats on cloud, followed by Australia, Cannada and Brazil (according to McCafe Enterprise Advanced Threat Research Report).  Cybersecurity skills demand in the country is slated to grow, reflecting the global trend of an increasing skills gap in cybersecurity and a workforce unable to meet industry demand. 

Hiring and retention challenges

Filling cybersecurity roles and retaining talent continue to be a challenge for many enterprises. Sixty-three percent of global respondents indicate they have unfilled cybersecurity positions and India reflects the same trend with 60% unfilled positions. 

Sixty-two percent of India-based respondents say it takes three to six months for their organisations to find qualified cybersecurity candidates for open positions, compared to 47% globally. For respondents in India, the top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (77%), credentials (45%) and hands-on training (38%). Two in three (65%) respondents report difficulties retaining qualified cybersecurity professionals, a 14 percentage -point increase from 2021. 

The top reasons that India respondents believe cybersecurity professionals are leaving their jobs include:

• Poor financial incentives in terms of salary or bonus (51%)
• Limited promotion and development opportunities (50%)
• Recruited by other companies (47%)  
• High work stress levels (38%)
• Lack of management support (38%)

Skills gaps and mitigation

Respondents from India indicate they are looking for a range of skills in candidates, noting the top skills gaps they see in today’s cybersecurity professionals are soft skills (53%), cloud computing (48%)—a new response option for this question—and security controls implementation (42%). Soft skills are also the second-highest skills gap cited for recent graduates (after security controls), and has seen an 11-percentage-point increase in perception as a skills gap among Indian respondents since 2021. 

The top three most required security skills are cloud computing (51%), identity and access management (45%) and data protection (44%). Among the top soft skills deemed important are critical thinking (53%), communication (52%) and problem solving (44%).

Fifty-nine percent of respondents in India believe that less than half of their applicants are well qualified for the position for which they are applying. India-based respondents note that their organisations are undertaking multiple measures to decrease cybersecurity skills gaps such as training to allow non-security staff who are interested to move into security roles (58%), increased use of reskilling programmes (44%), increased usage of consultants and external staff (38%), and increased use of performance-based training (36%). 

Threat landscape 

This year, 33% of respondents in India indicate that their organisation is experiencing more cyberattacks compared to a year ago. When asked about their main concerns related to cyberattacks, organisational reputation (86%), data breach concerns (78%) and cyber-attack on supply chain or business disruption (63%) rank top of mind for India-based respondents. They also indicated that the top types of cyber-attacks they experienced in the past year include:

• Advanced persistent threats (18%)
• Ransomware (14%)
• Denial of services (13%)
• Injection flaws (12%)
• Sensitive data exposure (12%)

Despite the threats they face, 79% of respondents in India indicate they are confident in their organisation’s cybersecurity team’s ability to detect and respond to cyber threats. 

Cyber maturity

When it comes to cyber risk assessments, 77% of respondents based in India say their organisation currently assesses its cyber maturity. Eighty-six percent say their executive leadership team sees value in conducting a cyber risk assessment and 35% say their organisation performs a cyber risk assessment every 1-6 months.  

Cybersecurity budgets

While 48% of respondents in India opine that their cybersecurity budgets are appropriately funded, 31% perceive their budget is underfunded, compared to 54% globally. Fifty-nine percent of India respondents expect some level of increase in cybersecurity budgets, while only 17% of respondents in India, almost half of the global number of 38%, expect no change in budgets.

“Challenges in hiring and retaining cybersecurity professionals have impacted organisations around the world for years, and have only become more complex amid the pandemic and larger shifts in the global workforce. ISACA is addressing those challenges globally by building a workforce of digital trust professionals, who have more holistic and correlated views from the adjacent professions of cybersecurity, IT audit, risk, privacy and digital technology governance, while also offering state of the art tools in cyber maturity assessments,” said Chris Dimitriadis, ISACA chief global strategy officer.

 “A strong cybersecurity workforce with cutting-edge skills is essential in the face of evolving technology and an ever-changing cyber threat landscape to support much needed digital trust. Hands-on training, credentials, networking and sharing best practices through the cybersecurity community globally and in India, can help cybersecurity professionals in India not only strengthen their skillsets and keep advancing their careers, but also ensure they are keeping their enterprises protected against the latest cyber threats,” added R V Raghu, ISACA Ambassador in India and past ISACA board director.

Mary Yang, chief marketing officer at Looking Glass Cyber Solutions said it is important to understand the trends across the community over time as well as how one’s organisation compares. “This is necessary information to help advance the field as a whole, and we’re proud to be a part of sharing and disseminating these insights,” said Yang.

The survey features insights from more than 2,000 cybersecurity professionals around the globe, and examines cybersecurity staffing and skills, resources, cyber threats and cybersecurity maturity