State of Cybersecurity 2022

State of Cybersecurity 2022, Global Update on Workforce Efforts, Resources and Cyberoperations reports the results of the annual ISACA^® global State of Cybersecurity Survey, conducted in the fourth quarter of 2021. This survey report focuses on the current trends in cybersecurity workforce development, staffing, cybersecurity budgets, threat landscape and cybermaturity. The survey findings reinforce past reporting and, in certain instances, mirror prior year data. Staffing levels, ease of hiring and retention remain pain points across the globe, and declining optimism about cybersecurity budgets reversed course this year.

Executive Summary

The eighth annual ISACA® global State of Cybersecurity Survey continues to identify current challenges and trends in the cybersecurity field. State of Cybersecurity 2022 analyzes the survey results regarding cybersecurity staffing and skills, resources, cyberthreats and cybersecurity maturity. The survey findings are largely consistent with the findings from prior years indicating that enterprises continue to lack desired staffing levels and skills to combat cyberthreats:

• Any positive effect that the global COVID-19 pandemic had on retention last year wore off. Enterprises are engaged in a powerful battle to retain cybersecurity staff.
• Sixty-three percent of respondent enterprises have unfilled cybersecurity positions.
• Sixty percent of enterprises report experiencing difficulties in retaining qualified cybersecurity professionals.
• Soft skills and cloud-computing skills are the top two skill gaps that survey respondents see in today’s cybersecurity professionals. Regarding recent university graduates, respondents highlight soft skills again this year as the area of greatest concern; however, technical skills appear to be improving.
• To address skill gaps, cross training of employees and increased use of contractors and consultants remain primary mitigations.
• The trend to require a university degree for entry-level cybersecurity positions is reversing. A smaller percentage of enterprises are requiring university degrees.

The number of survey respondents who believe their cybersecurity programs are appropriately funded increased to 42 percent—a five percentage-point jump and the most favorable report since ISACA began its state of cybersecurity reporting. Last year’s declining optimism about cybersecurity budgets reversed course this year, with 55 percent of respondents expecting an increase in funding.

Although 82 percent of respondents believe their leadership team sees value in conducting a cyberrisk assessment, only 41 percent of respondent enterprises perform an annual cyberrisk assessment.

Despite the high-profile media attention to ransomware attacks during this reporting cycle, cyberattack reporting is mostly unchanged from last year.