State of Cybersecurity 2023: Navigating Current and Emerging Threats

Author: Jason Lau, CGEIT, CRISC, CISA, CISM, CDPSE, CISSP, CIPP/E, CIPM, CIPT, CEH, HCISPP, FIP, ISACA Board Director, and Chief Information Security Officer at Crypto.com
Date Published: 2 October 2023

In an era where digital threats are omnipresent, a notable 48% of organizations surveyed for ISACA’s 2023 State of Cybersecurity report said they experienced an increase in cyberattacks this year compared with last year. This figure, while concerning, is the smallest reported increase in the past six years. Are cyber adversaries becoming stealthier, or are our defense mechanisms evolving?

Maybe the alarming truth is that 62% believe that a majority of organizations under-report cyberattacks, which skews the picture. This could be attributed to concerns over brand reputation, potential legal consequences or even unawareness. This statistic underscores the pressing need for transparency and collaboration in the cybersecurity domain.

The Human Element: Staffing and Skills

Cybersecurity isn’t just about technology; it's about the people behind it. The industry grapples with a staffing challenge, with 59% of leaders indicating their teams are understaffed. This isn’t merely a numbers game; it's about equipping teams with the right skills.

The State of Cybersecurity report underscores that demand for technical skills such as identity and access management (49%), cloud computing (48%), data protection (44%), incident response (44%), and DevSecOps (36%) is on the rise. Alongside these, soft skills are gaining prominence. Communication is at the forefront with 55%, followed by critical thinking (54%), problem-solving (49%), teamwork (45%) and attention to detail (36%).

The convergence of these skills is crucial, especially as we navigate the complexities introduced by technologies like AI. Yet, even with the right skills in place, retaining talent remains a hurdle. With 56% of cybersecurity leaders admitting difficulty in retaining qualified professionals, one must ask: Are we doing enough to nurture and retain our cybersecurity talent?

The Role of AI in Cybersecurity

Artificial Intelligence (AI) is reshaping the cybersecurity landscape. While AI-driven solutions offer enhanced threat detection and automated responses, they also introduce novel vulnerabilities. Adversarial attacks, data poisoning and model inversion are just a few examples of how AI systems can be compromised.

As AI becomes integral to cybersecurity, 48% of organizations emphasize the importance of cloud computing as a technical skill needed now. Given that many AI systems are hosted on cloud platforms, robust cloud security is indispensable. Furthermore, with 44% of respondents identifying data protection as an in-demand skill, it’s evident that safeguarding the data AI learns from is paramount.

ISACA certifications, held in high regard by security leaders, encompass a comprehensive range of information security domains. From information security audit (CISA), to security program management (CISM), to enterprise risk management (CRISC), to data privacy (CDPSE), and governance and compliance (CGEIT), these certifications provide a holistic perspective on AI integration within diverse environments.

Importance of Qualifications and Certifications

In the dynamic world of cybersecurity, qualifications are paramount. An overwhelming 95% of employers value hands-on experience when assessing a candidate’s qualification. Additionally, 87% regard an information security or cybersecurity credential as a key qualification, and 80% stress the significance of hands-on security training.

Certifications not only validate expertise but also pave the way for structured learning. That 74% of security leaders prefer candidates with a CISM certification over non-certified individuals underscores its value. As AI continues to shape the cybersecurity landscape, certifications like CISM will be pivotal in ensuring effective governance and risk management.

Looking Ahead: 2024 and Beyond

The future holds promise and challenges. A significant 78% anticipate a surge in demand for technical cybersecurity contributors in the coming year. Concurrently, 48% foresee an increase in the demand for cybersecurity managers.

Budgetary considerations are also evolving, with 51% predicting at least a modest budget increase in the next year. This could be a response to the multifaceted threat landscape, the integration of AI in cybersecurity and the need for skilled professionals to navigate these challenges.

Reflecting on the importance of preparedness and vigilance, Benjamin Franklin’s words come to mind: "By failing to prepare, you are preparing to fail." In our interconnected digital age, especially with the rise of AI, the need for robust cybersecurity measures is not just a luxury but a necessity.