Lack of funding & staff weakens Europe’s cybersecurity teams

Yesterday

Recent research from ISACA, an international association focusing on cybersecurity, has highlighted significant challenges facing cybersecurity teams across Europe. The study reveals that a majority of cybersecurity professionals believe their teams are insufficiently funded and understaffed, impairing their ability to handle the rising tide of cyberattacks.

The report indicates that 52% of the surveyed professionals consider their cybersecurity budgets inadequate. This underfunding is compounded by staffing issues, with 61% reporting that their teams are understaffed. This translates into an increased workload and heightened stress levels among professionals, as 68% report that their roles are more stressful than they were five years ago, attributing this largely to a more complex threat environment.

Chris Dimitriadis, ISACA's Chief Global Strategy Officer, commented on the findings: "In an increasingly complex threat landscape, it is vital that, as an industry, we overcome these hurdles of underfunding and under-staffed teams. Without strong, skilled teams, the security resilience of whole ecosystems is at risk – leaving critical infrastructure vulnerable."

Cyberattack frequency remains a significant concern, with 41% of professionals noticing an increase in attacks compared to the previous year, while 29% report a consistent level in the number of attacks. A majority of 58% anticipate that their organisations are likely to experience a cyberattack in the coming year, demonstrating a 6 percentage point increase from 2023. This points to a crucial need for improved staffing and skills within the sector to prepare for prospective threats and mitigate potential damage.

The survey also indicates a persistent skills shortage, with 19% highlighting unfilled entry-level positions, and 48% noting vacancies for roles requiring specific qualifications or experience. While these figures have seen a slight improvement from the previous year, they underline ongoing recruitment challenges within the industry.

Soft skills are also in demand, with 52% of professionals citing deficiencies in this area. Within this context, communication skills are deemed essential by 54% of respondents, alongside problem-solving (53%) and critical thinking (48%). Dimitriadis emphasised the importance of diversifying talent within the field, stating, "The cybersecurity industry will massively benefit from a diverse range of people – each with different skills, experiences, and perspectives. This is the key to plugging the skills gap. Once talent enters the industry, businesses can then train and upskill new entrants on the job with cyber certifications and qualifications."

In response to the growing sophistication of cyber threats, Mike Mellor, Adobe's Vice President of Security Engineering, also spoke on the necessity of enhancing organisational defences. "With the increasing frequency and sophistication of cyberattacks, it's essential for organisations to adopt secure authentication methods to strengthen their defences. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication, are essential in safeguarding any organisation."

The ISACA survey, conducted in May 2024, surveyed almost 39,000 cybersecurity professionals, including those with ISACA certifications. It provides insights into the current cybersecurity landscape and underscores the need for strategic investment and development within the sector.

Share on: