60% of Indian firms struggle to recruit cybersecurity professionals: Sophos

Mumbai: In all, 40% of Indian organizations plan to appoint a chief information security officer (CISO) in the next 24 months to lead their cybersecurity strategy, against the present 33%, a study by cybersecurity company Sophos has found. The study found 60% of organizations struggle to recruit people with cybersecurity skills they need.

Sophos came up with the findings from the third edition of its survey, The Future of Cybersecurity in the Asia Pacific and Japan. The survey was done in collaboration with Tech Research Asia (TRA) where a total of 900 responses were captured across Australia, India, Japan, Malaysia, Philippines, and Singapore. In addition to this, TRA captured qualitative insights from virtual roundtable events in Australia, India, Japan, and Singapore (with ASEAN representation).

“The scale of attacks over the last year has highlighted the need for highly skilled resources, which increases the pressure on organizations that are already struggling to hire talent with the right cybersecurity skills," said Sunil Sharma, managing director – sales, Sophos India and SAARC, adding that to combat today’s sophisticated cyberattacks, organizations need next-generation cybersecurity solutions and highly skilled personnel to manage these solutions, carry out 24x7 threat hunting and detection, and response operations.

Though cyberattacks have been increasing on companies, cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organizations.

Furthermore, 94% of Indian businesses believe that the biggest challenge to their security in the next 24 months will be the awareness and education of their employees and leadership.

"Considering the pace at which attacks are increasing, this skills gap can be dangerous for the security of organizations. To address this gap, organizations need to invest in machine learning-enabled cybersecurity systems that automate certain tasks and reduce the workload of cybersecurity teams," Sophos said in a statement, adding that those organizations that don’t have in-house teams that can carry out 24x7 security operations can outsource their security to managed service providers and their threat hunting to a specialized managed threat response service.