European IT security teams are overstressed, underfunded and suffering from major skills gaps and shortages, according to ISACA.
The industry body polled over 1800 members across the region to better understand the challenges facing professionals in the sector.
It revealed that 61% believe their team is understaffed: 19% claimed their organization has unfilled entry-level positions available, while 48% said the same about roles requiring experience, a university degree or other credentials.
Worryingly, the latter two figures have dropped only a few percentage points since 2023, from 22% and 53% respectively.
Read more on skills shortages: Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures
As well as skills shortages like these, skills gaps are also evident. Over half (52%) of respondents said that soft skills are lacking most among today’s cybersecurity professionals. Some 54% pointed to communication skills as being most important, followed by problem-solving (53%) and critical thinking (48%).
The survey’s findings reinforce the need for employers to prioritize soft skills as well as technical skills when hiring, as the latter can often be learned once they join.
“The cybersecurity industry will massively benefit from a diverse range of people – each with different skills, experiences, and perspectives,” argued ISACA chief global strategy officer, Chris Dimitriadis. “This is the key to plugging the skills gap. Once talent enters the industry, businesses can then train and upskill new entrants on the job with cyber certifications and qualifications.”
Stressful Times For Security Pros
ISACA also found rising stress levels among cybersecurity professionals, in part due to surging threat volumes and persistent talent shortages.
Over two-thirds (68%) claimed their role is more stressful now compared to five years ago, with 79% saying this is due to an increasingly complex threat landscape. Two-fifths (41%) said they are experiencing more cyber-attacks than a year ago, and 58% said it’s likely their organization will experience one in the next year, up from 52% in 2023.
Some 52% also claimed that their organization’s cybersecurity budget is underfunded.
“In an increasingly complex threat landscape, it is vital that, as an industry, we overcome these hurdles of underfunding and understaffed teams,” continued Dimitriadis. “Without strong, skilled teams, the security resilience of whole ecosystems is at risk – leaving critical infrastructure vulnerable.”