author photo
By Clare O’Gara
Mon | Jun 8, 2020 | 5:30 AM PDT

If your security team is understaffed, it may also be less confident about stopping cyberattacks.

New data from ISACA reveals that a cybersecurity team's confidence about thwarting an attack is linked to staffing levels.

ISACA research on cybersecurity team staffing

A key step to getting the job done is having people to solve the problem.

Cybersecurity professionals know this all too well, since so many teams are fighting to find more cyber talent.

The latest research from ISACA notes that 62% of those surveyed say their teams are understaffed.

And that number can have some major consequences. The first, of course, is an increased incident risk. The second, though, is less overt: team confidence.

The statistics from ISACA reveal these numbers for teams that have a "high degree of confidence" in their ability to respond to cyber threats:

  • 50% of appropriately staffed IT teams are confident
  • 30% of somewhat understaffed teams are confident
  • 21% of significantly understaffed teams are confident

If your team is fully staffed, your employees are more confident. And confidence can be an overlooked aspect of the job. Cybersecurity professionals need to trust in themselves and their teammates in order to perform their role well.

Sandy Silk, CISSP, Director of IT Security Education and Consulting at Harvard University, highlights the importance of these findings:

"Security controls come down to three things—people, process, and technology—and this research spotlights just how essential people are to a cybersecurity team.

It is evident that cybersecurity hiring and retention can have a very real impact on the security of enterprises. Cybersecurity teams need to think differently about talent, including seeking non-traditional candidates with diverse educational levels and experience."

Check out the research in ISACA's "State of Cybersecurity 2020" report.