ISSA looks at the state of the cybersecurity workforce.
By Tim Nodar, CyberWire senior staff writer
Sep 6, 2023

Cybersecurity jobs seem to be growing more difficult, say the people who are doing them.

ISSA looks at the state of the cybersecurity workforce.

TechTarget’s Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) have published research looking at the cybersecurity workforce, finding that the majority of cybersecurity workers said their jobs have grown more difficult over the past two years:

“Nearly two-thirds (66%) of respondents believe that working as a cybersecurity professional has become more difficult over the past 2 years, with close to a third (27%) stating that it is much more difficult. Internal issues like workload complexity, staffing shortages, and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult. Most (81%) respondents cite the increase in cybersecurity complexity and workload as the reason their careers are more difficult now.”

The researchers add, “Over half (59%) point to the increase in cyberattacks due to an expanding attack surface and 46% state that their cybersecurity team is understaffed. Almost half (43%) agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Nearly one-in-ten (8%) of cybersecurity professionals have experienced one or several disruptive security events at their organization that have made their work more difficult.”

Additionally, a majority of respondents said their organizations have been affected by the lack of workers in the cybersecurity field:

“Most organizations (71%) report that they’ve been impacted by the cybersecurity skills shortage—a dramatic increase from 57% in the last study, leading to an increased workload for the cybersecurity team (61%), unfilled open job requisitions (49%), and high burnout among staff (43%), according to respondents. Further, nearly all (95%) respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has only gotten worse. When asked to identify areas where the security skills shortage is most acute, respondents pointed to application security, cloud security, and security analysis and investigations.”