The stress of cybersecurity professionals was analyzed in a recent report by ISACA. Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the report.

In line with this sentiment around challenging threats, 38% of organizations are experiencing increased cybersecurity attacks, compared to 31% a year ago. These top attack types include social engineering (19%), malware (13%), unpatched system (11%) and Denial of Service (11%).

On top of that, nearly half (47%) expect a cyberattack on their organization in the next year, and 40% have a high degree of confidence in their team’s ability to detect and respond to cyber threats.

Despite an increasingly difficult threat landscape, the survey shows cybersecurity budgets and staffing are not keeping pace. More than half (51%) say that cyber budgets are underfunded (up from 47% in 2023), and 37% expect budgets will increase in the next year.

Though 57% of organizations say their cybersecurity teams are understaffed, hiring has slightly slowed:

  • 38% of organizations have no open positions, compared to 35% last year.
  • 46% of organizations have non-entry level cybersecurity positions open, compared to 50% last year.
  • 18% have entry-level positions open, compared to 21% last year.

Employers seeking qualified candidates for open roles are prioritizing prior hands-on experience (73%) and credentials held (38%). Respondents indicate that the main skills gaps they see in cybersecurity professionals are soft skills (51%) — especially communication, critical thinking and problem solving — and cloud computing (42%).

For the more than half of survey respondents (55%) that reported having difficulties retaining qualified cyber candidates, the main reasons for leaving included being recruited by other companies (50%, down eight points from 2023), poor financial incentives (50%), limited promotion and development opportunities (46 percent), and high work stress levels (46%).

Read the report.