Sixty-three per cent of cybersecurity professionals in India say their role is more stressful now than it was five years ago, according to a recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.
The study, sponsored by Adobe, showcased the feedback of more than 1,800 cybersecurity professionals worldwide on topics related to the cybersecurity workforce and threat landscape.
According to the data from 122 Indian cybersecurity professionals, the top reasons for this increased stress are an increasingly complex threat landscape, insufficiently trained staff, worsening hiring and retention challenges, lack of prioritisation of cybersecurity risks and low budgets.
As per the report, around 29 per cent of Indian respondents say their organisations are experiencing increased cybersecurity attacks which include attack types like social engineering, malware, denial of service and zero-day exploits. The report highlights that more than one-fourth of respondents from India expect a cyberattack on their organisation in the next one year, and more than half of them have a high degree of confidence in their team’s ability to detect and respond to cyber threats.
“Social engineering attacks, such as phishing, are a growing concern for organisations as human error remains a major factor in data breaches. With the increasing frequency and sophistication of these attacks, it is essential for organisations to adopt secure authentication methods to strengthen their defences,” said Mike Mellor, VP of Cyber Operations at Adobe.
We believe that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication, are essential in safeguarding any organisation, Mellor added.
Despite an increasingly difficult threat landscape, the survey showcased that cybersecurity budgets and staffing are not keeping pace and nearly half of the respondents said that cyber budgets are underfunded, and 49 per cent expect budgets will increase in the next year.
Another interesting aspect of the report has been in terms of hiring, 46 per cent of India-based organisations said that their cybersecurity teams were understaffed, and respondents in India indicated that 30 per cent of organisations had no open positions and 48 per cent of organisations have non-entry level cybersecurity positions open and only 24 per cent had entry-level positions which were open.
“Despite the increase in the awareness of cybersecurity threats, many organisations in India and even globally are still underfunding their cybersecurity budgets. With 87 per cent of Indian cybersecurity professionals identifying the complex threat landscape as a top stressor and 40 per cent pointing to underfunded budgets, it is evident that organisations in India need to do more to support their cybersecurity teams,” said R.V. Raghu, director, Versatilist Consulting India Pvt Ltd, and ISACA India Ambassador.
Hiring challenges combined with the increasing complexity of the attacks that we face today are putting a lot of pressure on cybersecurity teams, he added. “It is time for organisations to rethink their approach, and focus on better resource allocation, enhanced training, and support systems to build resilient cybersecurity teams that are capable of withstanding future threats,” said Raghu.
As per the report, respondents from India indicated that the main skills gaps they saw in cybersecurity professionals were cloud computing (48 per cent) and security control implementation (40 per cent).
More than half of survey respondents in India reported having difficulty retaining qualified cyber candidates, the main reasons for leaving included limited promotion and development opportunities, poor financial incentives, high work stress levels, lack of management support and limited remote work possibilities.