As cybersecurity talent becomes rare, Indian companies struggle to play catch-up

As enterprises turn to digitisation, cybersecurity operations have become crucial to safeguard against risks. As per a survey by global IT governance firm, ISACA, which was conducted this year, 60 per cent of the organisations in India revealed that they have vacant cybersecurity positions whereas 42 per cent reported that their organisation’s cybersecurity team is understaffed. Even more concerning is that 59 per cent believe that less than half of their applicants are well qualified for the position they are applying, as per the survey.

Hiring and retention challenges

On an average a majority of the Indian enterprises surveyed (62 per cent) reported that it takes them 3-6 months to find qualified candidates for various cybersecurity positions compared to 47 per cent globally, which indicates a more acute shortage of talent in India. For respondents in India, the top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (77 per cent), credentials (45 per cent) and hands-on training (38 per cent). The major reasons behind high-level attrition in the cybersecurity industry include poor financial incentives in terms of salary or bonus (51 per cent), limited promotion and development opportunities (50 per cent), recruited by other companies (47 per cent), high work stress levels (38 per cent) and lack of management support (38 per cent).

Skill gaps

59 per cent of the respondent organisations in India, as per the ISACA survey, believe that half of their applicants are well qualified for the position that they apply for. India-based respondents note that their organisations are undertaking multiple measures to decrease cybersecurity skill gaps, such as training, to allow non-security staff, especially those who are interested, to move into security roles (58 per cent), increased use of reskilling programmes (44 per cent), increased usage of consultants and external staff (38 per cent), and increased use of performance-based training (36 per cent).

“Challenges in hiring and retaining cybersecurity professionals have impacted organisations around the world for years, and have only become more complex amid the pandemic and larger shifts in the global workforce. ISACA is addressing those challenges globally by building a workforce of digital trust professionals, who have more holistic and correlated views from the adjacent professions of cybersecurity, IT audit, risk, privacy and digital technology governance, while also offering state of the art tools in cyber maturity assessments,” said Chris Dimitriadis, ISACA Chief Global Strategy Officer