Delhi: Cybersecurity professional hiring remains a challenge for most organisations across the Asia Pacific and Japan (APJ) region in the next 24 months as per a new sponsored survey by Sophos.
The survey found that for 75% of Indian organisations, cybersecurity professional hiring remains a challenge over the next two-year span.
The recruitment of cybersecurity professionals remains core to APJ companies and organisations as they continue to battle out cyberattacks and new threats. Sophos’ survey The Future of Cybersecurity in Asia Pacific and Japan in collaboration with Tech Research Asia (TRA) has released its findings.
Among the key findings of this survey in its third edition revealed that there’s a lack of cybersecurity awareness in the boardroom and executives broadly assume their company will never be attacked, despite rising ransomware incidences, impact and cost.
The study surveyed 200 organisations in India and it revealed that their security spending is a little under 11% of the total technology or IT budget.
Around 93% of the surveyed organisation in India have cybersecurity maturity ratings between 18 to 33%, among which 33% of companies said they rely on managed security.
In these companies the cybersecurity strategy is led by 34% CISO, 34% CIO/ CTO and 32% have a shared group responsibility.
Frustrations of cybersecurity professionals
The top frustrations of cybersecurity professionals in India as per the survey are that executives assume cybersecurity is easy cybersecurity personnel over exaggerate threats and issues.
There’s too much ‘fear and doubt’ messaging that makes it hard to talk accurately about cybersecurity and cybersecurity is frequently relegated in priority.
Board-level understanding of cybersecurity
In terms of board-level understanding of cybersecurity, 61% of companies in India said that their boards very well understand cybersecurity issues and 30% said their board understand cybersecurity moderately well.
While spending on cybersecurity and understanding of cybersecurity issues may vary and depend on the nature of the company and its business domain, the availability or recruitment of skilled cybersecurity professionals remains very important for most companies in India.
Cybersecurity professional hiring
Only 26% of surveyed respondents said that their organisation have enough cybersecurity specialists and has no problem recruiting more. However, for 75% of Indian firms, recruiting cybersecurity professionals remains a challenge in the next 24 months but in varying degrees.
In terms of cybersecurity skills that are highly in demand include knowledge of cloud security policies/architecture, software vulnerability testing and employee and executive training.
Adoption of Threat Hunting
With a shortage of skilled cybersecurity professionals, the adoption of threat hunting, which is one of the core features in strengthening cybersecurity mechanisms in organisations remains impacted. And hence, many companies rely on external partners and outsource threat hunting.
In India, 54% of companies do threat hunting in-house, while 41% use an external partner and 6% have no idea or are unsure of threat hunting.
With a lack of understanding of cybersecurity coupled with skilled cybersecurity professional shorage, companies in India have no choice but to heavily rely on cybersecurity solutions vendors.
But 86% of respondents believed that cybersecurity vendors do not provide the information they need to help educate executives, and 93% of companies agree their biggest security challenge in the next 24 months will be the awareness and education of employees and leadership.