State of Cybersecurity 2020 Persistent Hiring Challenges and Retention Issues Demand New Talent Pipelines New global research from ISACA shows little progress—and, in some cases, worse results—when it comes to cybersecurity hiring and retention. 62 % 57% say their organization’s cybersecurity team is understaffed say they currently have unfilled cybersecurity positions on their team Cybersecurity Hiring Challenges Show No Improvement 32% say it takes six months or more to fill an open cybersecurity position with a qualified candidate 72 % 70% of cybersecurity professionals believe that their HR department does not regularly understand the needs say fewer than half of cybersecurity applicants are well qualified THE TOP THREE 81% Most important factors in determining if a cybersecurity candidate is qualified are: Hands-on training 89% Credentials 95% 0 20 40 60 80 Hands-on cybersecurity experience 100 Retention Concerns Increase TOP 5 REASONS Respondents say cybersecurity staff are leaving: Skills Gaps Persist 1 59% Recruited by other companies 2 50% Limited promotion and development opportunities 50% Poor financial incentives 3 40% High work stress levels 4 39% Lack of management support 66 % 10% 13% TOP 5 16% Skills Gaps 32% say it’s difficult to retain cybersecurity talent (an increase from last year) Slight Progress in Gender Diversity Initiatives 81% 30% Soft skills +7% IT knowledge and skills gaps Insufficient business insight 61% Cybersecurity technical experience Insufficient hands-on training of respondents say men and women are offered equal opportunities for career advancements at their organization The percentage of women who say opportunities are equal increased 7 points year over year. of cybersecurity teams still have significantly more men than women O N LY 27% +3% 64% indicate some progress toward increasing the number of women in cybersecurity roles However, the number of teams reporting equal numbers of men and women increased by 3 percentage points this year say recent university graduates in cybersecurity are well-prepared for the cybersecurity challenges they’ll face Only 13% say that progress is significant 13% 49% 78% of organizations have a diversity program in place to support female cybersecurity professionals say demand for technical cybersecurity individual contributor roles will increase over the next 12 months NEXT STEPS How Can Organizations Take Action Now? 1 2 3 4 Invest in existing employees through both financial incentives and training. Offer a pipeline to cybersecurity positions for current non-cyber staff. Look to nontraditional recruiting, such as apprenticeships, government programs or hosting a cybersecurity competition. Waive university degree requirements in recognition of the nontraditional paths to cybersecurity careers. Get a free copy of ISACA’s State of Cybersecurity 2020 research at www.isaca.org/state-of-cybersecurity-2020 © 2020 ISACA. All rights reserved.
