In India, 60% indicate they have unfilled cybersecurity positions, an 11-percentage-point increase from 2021
India ranks second only to the US in most security threats on the cloud, followed by Australia, Canada, and Brazil (according to the McAfee Enterprise Advanced Threat Research Report). Cybersecurity skills demand in the country is slated to grow, reflecting the global trend of an increasing skills gap in cybersecurity and a workforce unable to meet industry demand.
Organizations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps, according to ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources, and Cyber Operations, sponsored by Looking Glass Cyber Solutions. This year’s survey results in India show that 60% of organizations have unfilled cybersecurity positions and that 42% report their organization’s cybersecurity team is understaffed. Even more concerning is that 59% believe that less than half of their applicants are well qualified for the position they are applying for.
Hiring and retention challenges
As in past years, filling cybersecurity roles and retaining talent continues to be a challenge for many enterprises. Sixty-three percent of global respondents indicate they have unfilled cybersecurity positions, and India reflects the same trend with 60% unfilled positions. Sixty-two percent of India-based respondents say it takes three to six months for their organizations to find qualified cybersecurity candidates for open positions, compared to 47% globally. For respondents in India, the top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (77%), credentials (45%), and hands-on training (38%). Two in three (65%) respondents report difficulties retaining qualified cybersecurity professionals, a 14-percentage-point increase from 2021. The top reasons that Indian respondents believe cybersecurity professionals are leaving their jobs include:
- Poor financial incentives in terms of salary or bonus (51%)
- Limited promotion and development opportunities (50%)
- Recruited by other companies (47%)
- High work stress levels (38%)
- Lack of management support (38%)
Skills gaps and mitigation
Respondents from India indicate they are looking for a range of skills in candidates, noting the top skills gaps they see in today’s cybersecurity professionals are soft skills (53%), cloud computing (48%)—a new response option for this question—and security controls implementation (42%). Soft skills are also the second-highest skills gap cited for recent graduates (after security controls) and have seen an 11-percentage-point increase in perception as a skills gap among Indian respondents since 2021.
The top three most required security skills are cloud computing (51%), identity & access management (45%), and data protection (44%). Among the top soft skills deemed important are critical thinking (53%), communication (52%), and problem-solving (44%).
Fifty-nine percent of respondents in India believe that less than half of their applicants are well qualified for the position for which they are applying. India-based respondents note that their organizations are undertaking multiple measures to decrease cybersecurity skills gaps such as training to allow non-security staff who are interested to move into security roles (58%), increased use of reskilling programs (44%), increased usage of consultants and external staff (38%), and increased use of performance-based training (36%).
Speaking at a press briefing to unveil the report, Chris Dimitriadis, ISACA Chief Global Strategy Officer, said, “Challenges in hiring and retaining cybersecurity professionals have impacted organizations around the world for years, and have only become more complex amid the pandemic and larger shifts in the global workforce.”
R.V Raghu, ISACA Ambassador in India and past ISACA board director, added, “A strong cybersecurity workforce with cutting-edge skills is essential in the face of evolving technology and an ever-changing cyber threat landscape to support much-needed digital trust. Hands-on training, credentials, networking, and sharing best practices through the cybersecurity community globally and in India, can help cybersecurity professionals not only strengthen their skillsets and keep advancing their careers but also ensure they are keeping their enterprises protected against the latest cyber threats.”
This year, 33% of respondents in India indicate that their organization is experiencing cyber-attacks compared to a year ago. When asked about their main concerns related to cyber-attacks, organizational reputation (86%), data breach concerns (78%), and cyber-attacks on the supply chain or business disruption (63%) rank top of mind for India-based respondents. They also indicated that the top types of cyber-attacks they experienced in the past year include:
- Advanced persistent threats (18%)
- Ransomware (14%)
- Denial of service (13%)
- Injection flaws (12%)
- Sensitive data exposure (12%)
Despite the threats they face, 79% of respondents in India indicate they are confident in their organization’s cybersecurity team’s ability to detect and respond to cyber threats.
When it comes to cyber risk assessments, 77% of respondents based in India say their organization currently assesses its cyber maturity. Eighty-six percent say their executive leadership team sees value in conducting a cyber risk assessment, and 35% say their organization performs a cyber risk assessment every 1 to 6 months.
While 48% of respondents in India opine that their cybersecurity budgets are appropriately funded, 31% perceive their budget is underfunded, compared to 54% globally. Fifty-nine percent of Indian respondents expect some level of increase in cybersecurity budgets, while only 17% of respondents in India, almost half of the global number of 38%, expect no change in budgets.