Cybersecurity Crisis: 2 in 3 Companies Face Staff Shortages

A new industry survey reveals a deepening cybersecurity crisis, with nearly two-thirds of companies struggling with unfilled security positions. This widespread staffing shortage creates critical vulnerabilities as organizations face increasingly sophisticated threats. The research indicates that hiring qualified professionals remains painfully slow, with many roles taking months to fill regardless of experience level.

The talent gap extends beyond recruitment challenges, as half of organizations report difficulty retaining their existing cybersecurity staff. While the percentage of understaffed security teams has slightly decreased from last year, 55% of organizations still operate with insufficient personnel. Budget constraints compound these problems, with over half of respondents describing their cybersecurity funding as inadequate.

Leadership awareness appears to be another concern area. Only 56% of security professionals believe their executive board properly prioritizes cybersecurity despite the escalating threat environment. This disconnect between security teams and organizational leadership may be hampering effective risk management strategies.

Industry experts warn that the current pace of addressing these systemic issues remains dangerously slow. “Cybercriminals are moving faster than most organizations can respond,” noted one global strategy officer. “Companies need to view cybersecurity investment as essential for maintaining customer trust and competitive advantage, not merely as a reactive measure after breaches occur.”

The educational pipeline shows significant weaknesses in preparing new professionals. Just 27% of survey respondents consider university graduates adequately prepared for cybersecurity roles. Recent graduates demonstrate particular knowledge gaps in incident response, data security, threat detection, and identity management, all critical areas in modern security operations.

Beyond technical competencies, organizations identified substantial soft skill deficiencies among cybersecurity candidates. Critical thinking, communication abilities, and problem-solving capabilities ranked as the most sought-after soft skills that many applicants lack. Security leaders reported valuing adaptability and practical experience over formal qualifications when evaluating candidates.

The survey findings highlight the importance of diverse pathways into cybersecurity careers. Nearly half of security professionals transitioned from other fields, demonstrating that hands-on training and transferable skills can successfully build capable security teams without traditional cybersecurity backgrounds.

Mounting pressures on cybersecurity professionals have reached concerning levels. Two-thirds of security specialists report their jobs have become significantly more stressful compared to five years ago. The increasingly complex threat landscape represents the primary driver of this workplace pressure, with sophisticated attacks testing organizational defenses daily.

Recent attack trends show no signs of slowing. Over one-third of organizations experienced increased cyber attacks this year, while 43% anticipate their organization will likely face an attack within the next twelve months. Despite legal requirements in many jurisdictions, 39% of professionals believe cybercrime remains significantly underreported, potentially obscuring the true scale of the problem.

Confidence in incident response capabilities appears worryingly low, with only 41% expressing strong faith in their team’s ability to effectively manage security breaches. Social engineering attacks emerged as the most common threat vector, followed by exploited vulnerabilities and malware infections.

The comprehensive global study gathered perspectives from more than 3,800 cybersecurity professionals across multiple industries and geographic regions.

(Source: Info Security)