New ISACA Study Finds Cybersecurity Workforce Minimally Impacted by Pandemic, but Still Grappling with Persistent Hiring Challenges

Schaumburg, Il., (May 4, 2021) — The pandemic's disruption has rippled across the globe, impacting workforces in nearly every sector. However, according to the findings from the State of Cybersecurity 2021 Part 1 survey report from ISACA in partnership with HCL Technologies, the cybersecurity workforce has largely been unscathed, though all-too familiar challenges in hiring and retention continue at levels similar to years past.


Released today at the inaugural ISACA Conference, the results show that just 53 percent of the 3,600 information security professionals who participated in the survey indicated they had difficulty retaining talent last year during the pandemic—a four percentage point decline from the year before, which may have been a side effect of uncertainty amidst COVID-19. In a climate where remote work became more prevalent—and in some cases, mandatory—those citing "limited remote work possibilities" as a reason for leaving their cybersecurity role saw a six-percentage point decline (45%) compared to the year before.


Though the cybersecurity workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that longstanding issues persist, including:


  • 61 percent of respondents indicate that their cybersecurity teams are understaffed.
  • 55 percent say they have unfilled cybersecurity positions.
  • 50 percent say their cybersecurity applicants are not well qualified.
  • Only 31 percent say HR regularly understands their cybersecurity hiring needs.


Staff Gaps and Attacks Linked


As in years past, the findings show that retention issues and increased cyberattacks are somewhat interrelated. Sixty-eight percent of respondents who experienced more cyberattacks in the past report being somewhat or significantly understaffed, and 63 percent who experienced more cyberattacks in the past indicated they have experienced difficulties retaining qualified cybersecurity professionals.


"It has become even more evident in the past year just how vital cybersecurity is to ensuring business continuity, yet the years-long struggle to staff these teams continues," said Jonathan Brandt, ISACA information security professional practices lead. "As a global cybersecurity community, it is imperative that we all come together to recalibrate how we hire, train and retain our future cyber leaders to ensure we have a solid workforce to meet these evolving cybersecurity needs."


Hiring and Skills Challenges Persist, Especially with Recent Graduates


Despite the high demand for cybersecurity jobs, 50 percent of those surveyed generally do not believe that their applicants are well qualified. Additionally, only 27 percent of survey respondents say that recent graduates in cybersecurity are well-prepared, though 58 percent indicate that they require a degree for entry-level cybersecurity positions. Respondents note that they also seek prior hands-on cybersecurity experience (95 percent), credentials (89 percent) and hands-on training (81 percent) when determining whether a candidate is qualified. The top three skills gaps they see in candidates are soft skills (56 percent), security controls (36 percent) and software development (33 percent), which organizations are addressing by:


  • Training non-security staff who are interested in moving to security roles (43 percent)
  • Increasing usage of contract employees or outside contractors (37 percent)
  • Increasing use of reskilling programs (23 percent)
  • Increasing use of performance-based training to build hands-on skill (22 percent)
  • Increasing reliance on AI/automation (22 percent)


"Making a meaningful difference in addressing the persistent skills gaps in the cybersecurity workforce will require a collaborative and concerted effort between government, academia and industry," says Renju Varghese, Fellow & Chief Architect, CyberSecurity & GRC Services, HCL Technologies. "Through strategic partnerships and outreach, we will be able to not only better prepare graduates coming out of university programs but also equip a wide range of candidates from non-traditional paths with the skills needed to succeed in a cybersecurity career."


Industry Next Steps


Thesurvey report also compiles perspectives from HCL Technologies, the National Initiative for Cybersecurity Education (NICE), ENISA and CyberUp, an apprenticeship program on these common barriers to hiring and retention and how the industry can adjust their approach to open doors to a wider talent pool, including through partnerships, outreach programs, apprenticeships, and a new skills framework and taxonomy.


"At ISACA, we are not only committed to providing research and best practices that guide our global professional community, but also to taking action to help fill the skills gap," says David Samuelson, ISACA CEO. "This includes transforming our digital and learning tools to give individuals and companies training that is more relevant and customized than ever before and supporting the important work of the One In Tech foundation in advancing equity and inclusion in the tech workforce."


ISACA will also be offering additional perspective on this research in its upcoming online panel, "Upskilling, Credentials and Soft Skills: Closing the Cyber Workforce Gap," at the RSA Conference.


For a complimentary copy of State of Cybersecurity 2021 Part 1, insights from industry leaders and related resources, visit



For more than 50 years, ISACA®( has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.