Introduction
Anyone who knows me well knows that I have a deep passion for sports. This stems from years of playing any and all sports as a kid, through adolescence, and eventually transitioning to the lifestyle sports such as golf, paddle, and tennis in my "dad-era". Looking back on more of my competitive years in football or baseball, there were 2 commonly themed messages when it came to preparation:
1) 'If we're not improving, then we're getting worse'; and
2) 'Luck is what happens when preparation meets opportunity.'
But how do we know where to spend our time, money and resources to optimize our efforts in the business world? One effective way is to look back at prior efforts and think critically about how we can improve. Thankfully for us, the State of Cybersecurity 2024 report by ISACA provides a comprehensive overview of the current state of the cybersecurity workforce, resources, and operations. Based on the annual global survey conducted in the second quarter of 2024, the report highlights several significant trends and challenges that organizations need to address to stay ahead of the competition, stay in business and stay "lucky" by avoiding cyber incidents.
Workforce Challenges and Solutions
One of the most notable trends is the aging workforce. For the first time, the largest percentage of respondents are between the ages of 45 and 54, surpassing the 35-44 age group. This shift underscores the importance of succession planning to manage potential attrition and ensure a smooth transition of leadership roles.
Staffing levels have shown a slight improvement, with 38% of respondents believing their cybersecurity team is appropriately staffed, a 2% increase from last year. However, 43% still feel their team is somewhat understaffed, indicating a need for continued efforts to attract and retain talent. High levels of occupational stress remain a concern, with 66% of respondents reporting that stress is much higher than five years ago, primarily due to an increasingly complex threat environment.
Economic conditions have led to a decline in open cybersecurity roles, as employees are less likely to leave their current jobs. High work-stress levels and limited remote work possibilities are significant factors contributing to attrition. Additionally, there has been a decrease in employer benefits, with fewer employers paying for professional development training and offering flexible hours.
Cybersecurity budgets have also taken a hit, with only 36% of respondents indicating that their budgets are appropriately funded. The outlook for budget increases is bleak, with only 47% expecting an increase. Despite these challenges, the threat landscape remains complex, with social engineering being the most prominent type of attack. Non-malicious insider exploits have decreased, likely due to effective training and awareness programs (a small win!).
The Role of AI in Cybersecurity
The use of AI in security operations is still in its infancy, with threat detection/response and endpoint security being the most popular applications. However, there is a lack of involvement in the development and implementation of AI solutions and policies. Furthermore, almost half of the respondents do not know what kind of cyber insurance their enterprise carries, which can result in unmet expectations regarding coverage. Just this past month, we had one of our non-profit clients inquire about including a cyber liability policy in their risk treatment plans. It was an interesting question because most of my experience has been with SaaS and tech companies, so cyber liability was a no-brainer, but the non-profit we were working with had a rather simplistic tech stack and a limited number of threat targets.
Conclusion
To address these challenges, the report provides several key recommendations. Organizations should focus on succession planning, improving work conditions, and offering competitive financial incentives to attract and retain talent. Leveraging training to allow non-security professionals to move into security roles and increasing the use of contractors or consultants are also recommended. Additionally, organizations should prioritize creating a supportive work environment, maintaining or enhancing employer benefits, and advocating for appropriate budget allocations.
Increasing reliance on AI and automation can help address staffing shortages and improve security operations. However, it is important for security professionals to be involved in the development, onboarding, and implementation of AI solutions and policies. Ensuring that cybersecurity teams are aware of the type of cyber insurance their enterprise carries is crucial for planning incident responses and managing expectations regarding coverage. Continuous learning and upskilling, especially on emerging technologies like AI, are vital for keeping the workforce updated with the latest skills and knowledge.
In conclusion, the State of Cybersecurity 2024 report emphasizes the need for better workforce planning, increased funding, and greater involvement in AI development to address the evolving cybersecurity challenges in 2024. By implementing these recommendations, organizations can continue to improve and be better prepared to turn new opportunities into "lucky" situations.