Cybersecurity skills gap in India leaving enterprises vulnerable to attacks

A cybersecurity skills gap is leaving businesses vulnerable to attacks, with over 40% of CIO/CTOs in India stating that their cybersecurity teams are understaffed, according to a new report published on Wednesday. The study, based on cybersecurity association ISACA's ninth annual research report, State of Cybersecurity 2023, also reveals that nearly 55% of Indian respondents indicate that their organization is experiencing more cyber-attacks compared to a year ago. This increase is primarily due to various hiring and staffing challenges, as noted in the study sponsored by Adobe and based on insights from 113 security leaders in India.

Firms have identified cloud computing (50%), soft skills (43%), security controls (43%), network-related topics (41%), and pattern analysis (35%) as the most significant skills gaps in the cybersecurity field today, the report noted.

In fact, some of the top technical skills employers are seeking in cybersecurity professionals are in the areas of cloud computing (46%), penetration testing (42%), forensics (38%), identity and access management (38%), and data protection (38%), according to the study. CIO/CTOs suggest that training non-security staff interested in transitioning to security roles, increasing the use of reskilling programs, implementing performance-based training, leveraging AI/automation, and increasing the use of contract employees or consultants may help address some of these skill gaps.

In terms of soft skills, critical thinking, problem-solving, decision-making (49%), communication, and leadership qualities are some of the top skills sought by Indian firms in cybersecurity job candidates. "The soft skills gaps we see among cybersecurity professionals are also part of a concerning systemic issue that our industry needs to take seriously," says Jon Brandt, ISACA Director, Professional Practices, and Innovation. "While there is no simple solution, addressing these needs with a collaborative approach that goes beyond traditional academia to involve hands-on training, mentorship, and other learning pathways can make an impact not only on individual skillsets and enterprise security outcomes but also on the integrity of the profession as a whole."

Globally, the top three attack concerns remain the same as last year—enterprise reputation (79%), data breach concerns (69%), and supply chain disruptions (55%). Respondents worldwide also indicate that social engineering (15%) remains the primary type of cyber-attack they experience, an increase of two percentage points. This is followed by advanced persistent threats (11%), ransomware (10%), security misconfiguration (10%), unpatched systems (10%), denial of service (9%), and sensitive data exposure (9%).

The skills gap putting cybersecurity at greater risk is an ongoing issue. According to the 2023 Global Cybersecurity Skills Gap report published by cybersecurity firm Fortinet in April, 84% of surveyed organizations in India stated that unfilled IT positions due to a cyber skills shortage have led to additional cyber threats.

“Today over 80% of respondents find it challenging to hire certified professionals, which puts organizations at risk,” agreed Vishak Raman, Vice President of Sales, India, SAARC & Southeast Asia at Fortinet. To strengthen their security postures and stay ahead of the growing cyber threat landscape, it's essential for organizations to prioritize cybersecurity training and upskilling, he added.

Quoting a report released in June 21, Sunil Chemmankotil, Chief Executive of staffing firm TeamLease Digital, said the industry saw more than 40,000 job postings in the first five months of this year. However, nearly 30% of them remained vacant despite strong demand and rising salaries for such roles. A shortage of skilled professionals for requisite roles, high attrition levels, and often extreme stress levels is impacting the industry. As Chemmankotil said, “many cybersecurity professionals leave the job midway, owing to immense job pressures. They struggle with new frameworks and models, such as zero trust."

Chemmankotil further believes that the shortage of talent will continue, even as TeamLease data projected the domestic cybersecurity sector to grow at 8% annually, reaching a worth of $3.5 billion by 2027.