Cybersecurity professionals are facing increasing levels of stress, with 66% reporting that their roles have become more demanding over the past five years, according to a report from ISACA.

The report, based on feedback from over 1,800 professionals, highlights a growing number of challenges, including the complexity of the threat landscape, limited budgets and insufficient staffing, all of which contribute to heightened stress levels across the industry.

“The complexity of cybersecurity threats is one of the most significant stressors for professionals,” said Chris Dimitriadis, ISACA’s chief global strategy officer.

With 81% of respondents citing this as a key concern, he emphasized companies must address these challenges head-on.

“Training employees to stay updated on emerging risks and technologies is essential,” he said.

He pointed to the importance of integrating cybersecurity into digital transformation projects from the outset, allowing professionals to be proactive rather than reactive.

Cyberattacks Continue to Escalate

The report also revealed 38% of organizations experienced an increase in cybersecurity attacks in the past year, a rise from 31% in 2023

Social engineering attacks like phishing accounted for 19% of incidents, while malware, unpatched systems and denial of service attacks each contributed around 11%.

These escalating threats have left many cybersecurity teams feeling unprepared, with only 40% of professionals confident in their ability to detect and respond to cyber incidents.

Nearly half of the respondents (47%) anticipate a cyberattack on their organization within the next year.

“Zero-trust networks and phishing-resistant authentication are vital in mitigating risks, especially human error,” Dimitriadis said.

However, he stressed that technology alone is not enough.

“User awareness, continuous monitoring, and threat intelligence are crucial to minimizing vulnerabilities,” he added.

Budget and Resource Shortfalls

Despite the increasing threat landscape, cybersecurity budgets remain strained, with more than half of respondents (51%) worried their cybersecurity departments are underfunded — a rise from 47% in 2023.

Additionally, only 37% expect their budgets to increase in the coming year, putting further pressure on teams to do more with less.

“Cybersecurity needs to be linked to the business to justify investment,” Dimitriadis said.

He pointed out that cybersecurity can contribute to business continuity, compliance and customer trust — factors that should be leveraged to secure better funding.

The report also highlighted ongoing staffing challenges: 57% of organizations reported being understaffed, but hiring has slowed, with 38% of organizations having no open positions, compared to 35% last year.

Non-entry level positions remain the most difficult to fill, with 46% of organizations reporting vacancies.

Retention Struggles, Skills Gaps

The survey also underscored the difficulty of retaining qualified cybersecurity professionals, with 55% of respondents reporting issues in keeping talent.

High-stress levels, poor financial incentives, and limited career development opportunities were identified as the main reasons for turnover.

To improve retention, Dimitriadis suggested that companies ensure their cybersecurity efforts are properly recognized.

“Cybersecurity is often only appreciated when an incident occurs,” he said. “It needs to be valued consistently.”

Conducting compensation studies and providing clear career development paths are also essential to keeping cybersecurity teams engaged.

Skills gaps, particularly in critical soft skills such as communication and problem-solving, remain another challenge.

While 73% of employers prioritize hands-on experience in new hires, 51% reported soft skills are the main area where candidates fall short, and 42% of respondents pointed to a lack of cloud computing expertise.

Dimitriadis recommended continuous learning and mentorship to address these gaps.

“Employees need to be trained not just vertically in their domain, but also horizontally, understanding other roles within the organization,” he explained. “This broad perspective enhances both technical and soft skills.”

Despite the challenges, Dimitriadis said he remains optimistic about the future, emphasizing the need for collaboration and proactive planning.

“In a complex environment, being prepared increases effectiveness and reduces stress,” he said.