By Ashwani Mishra, Editor-Technology, 63SATS
Cybersecurity teams are increasingly feeling the pressure as the threat landscape becomes more challenging and dynamic, according to a recent survey by ISACA.
With cyberattacks on the rise and complexity escalating, security professionals are reporting unprecedented stress levels, highlighting critical lessons for CISOs and security leaders worldwide.
The survey found that 68% of cybersecurity professionals say their roles have become more stressful compared to five years ago, largely due to the rapidly evolving cyber threat landscape. The constant need to adapt to new challenges has taken a toll on their well-being, and the reasons for this stress are manifold.
One key factor is the lack of proper training and resources for security staff.
As the landscape evolves, 40% of respondents cited insufficient training as a major concern, while nearly half (47%) pointed to challenges in hiring and retaining skilled talent. These challenges are making it difficult for teams to keep pace with increasingly sophisticated attacks.
Only 38% of cybersecurity professionals expressed high confidence in their team’s ability to detect and respond to cyber threats effectively. The rest are left struggling, often overwhelmed by an increase in attacks, with 41% saying they’ve seen a rise in the number of threats targeting their organizations.
The most common attack vectors included social engineering (16%), unpatched systems leading to denial-of-service attacks (13%), and malware (12%).
Lessons for CISOs and Security Leaders:
- Prioritize Training and Upskilling: In a rapidly changing environment, ongoing training is essential. Security leaders need to invest in continuous learning for their teams to help them adapt to new threats effectively.
- Strengthen Hiring and Retention: Addressing hiring and retention challenges must be a priority. The survey reveals that 61% of organizations admit to having understaffed cybersecurity teams, yet many have no entry-level positions available, and 38% have no open positions at all. Leaders need to rethink their approach to building a pipeline of talent and offer opportunities for growth.
- Advocate for Budget Increases: Almost half of the respondents (45%) say their budgets are too low, which directly impacts their ability to manage cyber risks. Security leaders need to advocate for adequate funding to ensure that they have the right tools, personnel, and resources to protect their organizations effectively.
- Elevate Cybersecurity as a Business Priority: A third of cybersecurity professionals reported that cybersecurity risks are not sufficiently prioritized in their organizations. CISOs must work with executive teams to elevate the conversation around cyber risk and integrate cybersecurity into the broader business strategy.
The findings underscore a growing disconnect between the increasing sophistication of cyber threats and the resources available to counter them. For organizations to stay secure, CISOs must take a proactive approach to address these challenges—building resilient teams, enhancing capabilities, and advocating for the importance of cybersecurity at the board level
