Loading...

60% of Indian firms have unfilled cybersecurity positions: Report

60% of Indian firms have unfilled cybersecurity positions: Report
Photo Credit: 123RF.com
30 Mar, 2022
Loading...

While cyberattacks are incessantly on the rise in India, there continues to be a dearth of adequate cybersecurity professionals to secure and manage the online space.  

A new report published by global IT association ISACA revealed that in India, 60% of the organisations have unfilled cybersecurity positions (an 11-percentage-point increase from 2021) and that 42% report their cybersecurity team is understaffed. Even more concerning is that nearly 60% believe that over half of their applicants are poorly qualified for the position they are applying.   

ISACA’s eighth annual cybersecurity survey that featured insights from more than 2,000 cybersecurity professionals also said that nearly two-thirds of the respondents in India said it takes 3-6 months for their organisation to fill a cybersecurity position with a qualified candidate. 

Loading...

Organisations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps, according to the report. Sixty-five per cent say their organisation has experienced difficulty in retaining qualified cybersecurity professionals, a 14-percentage-point increase from last year’s cybersecurity report. 

Also read: Over 60% businesses were unable to launch new projects fearing cyber risks

In India, the top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (77%), credentials (45%) and hands-on training (38%). Two in three (65%) respondents report difficulties retaining qualified cybersecurity professionals, a 14 percentage-point increase from 2021. 

Loading...

The report also cites the key reasons India cybersecurity professionals are leaving their jobs that include poor financial incentives in terms of salary or bonus, limited promotion and development opportunities, high work stress levels and lack of management support, among others, the study said. 

“Challenges in hiring and retaining cybersecurity professionals have impacted organisations around the world for years, and have only become more complex amid the pandemic and larger shifts in the global workforce,” observed Chris Dimitriadis, ISACA’s Chief Global Strategy Officer. 

Respondents from India indicate they are looking for a range of skills in candidates, noting the top skills gaps they see in today’s cybersecurity professionals are soft skills (53%), cloud computing (48%) and security controls implementation (42%). Soft-skills is also the second-highest skills gap cited for recent entrants in this field. 

Loading...

Often cybersecurity budgets are to be blamed, as 31% cybersecurity professionals in India perceive their budget is underfunded and one-fifth expect no change in budgets in the next one year.   

“A strong cybersecurity workforce with cutting-edge skills is essential in the face of evolving technology and an ever-changing cyber threat landscape to support much needed digital trust,” said RV Raghu, ISACA Ambassador in India and ex-ISACA board director. 

He added that hands-on training, credentials, networking and sharing best practices through the cybersecurity community globally and in India, can help cybersecurity professionals not only strengthen their skillsets and keep advancing their careers, but also ensure they are keeping their enterprises protected against the latest cyber threats. 

Loading...

Also read: Ransomware attacks on Indian firms tripled in 2021; Maharashtra most-targeted state

The silver lining is that indeed some organisations are undertaking multiple measures to decrease cybersecurity skills gaps such as training of non-security staff who are interested to move into security roles (58%), increased use of reskilling programmes (44%), increased usage of consultants and external staff (38%), and increased use of performance-based training (36%). 

Also, over three-fourths of the respondents based in India say their organisation currently assesses its cyber maturity (and 35% say their organisation performs a cyber risk assessment every 1-6 months). 

Loading...

However, with the number of security threats increasing by the day however, the (India ranks second only to the US in most on cloud, followed by Australia, Canada and Brazil, according to McCafe Enterprise Advanced Threat Research Report), these results clearly indicate there’s a long way to go.