Press Release


 As State of the Union Tackles Cybersecurity, New ISACA Survey Shows 86% See a Cybersecurity Skills Shortage 

Rolling Meadows, IL, USA (January 20, 2015)—A new global survey of more than 3,400 members of IT association ISACA shows that close to half (46 percent) of respondents expect their organization to face a cyberattack in 2015 and 83 percent believe cyberattacks are one of the top three threats facing organizations today. Yet an alarming 86 percent say there is a global shortage of skilled cybersecurity professionals and only 38 percent feel prepared to fend off a sophisticated attack. The 2015 Global Cybersecurity Status Report survey was conducted just one week before US President Barack Obama’s State of the Union address, which will discuss a range of actions to reduce cyberthreats and data privacy risks.

“ISACA supports increased discussion and activity to address escalating high-profile cyberattacks on organizations worldwide,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “As Washington calls for action, we hope they take a clear and straight-forward approach, working in close coordination with industry. Cybersecurity is everyone’s business, and creating a workforce trained to prevent and respond to today’s sophisticated attacks is a critical priority.”

The 2015 Global Cybersecurity Status Report, conducted January 13-15, 2015, is based on online polling of 3,439 ISACA members in 129 countries, including 1,211 members in the US. The survey has +/- 1.7% margin of error at a 95 percent confidence level.

Support for Proposed 30-day Breach Notification Law

Survey results show that 76 percent agree or strongly agree with President Obama’s proposed federal law requiring companies to notify consumers of a data breach within 30 days. When asked about obstacles to timely notification, respondents ranked company concern about corporate reputation first (55 percent), followed by inadequate system design (15 percent), increased cost (13 percent) and insufficient staffing (10 percent).

Data breaches at a series of well-known retailers in 2014 made the issue of data security highly visible to consumers and highlighted the struggles that companies face in keeping data safe. Finding and retaining skilled cybersecurity employees is one of those challenges. In fact, 92 percent of ISACA’s survey respondents whose organizations will be hiring cybersecurity professionals in 2015 say it will be difficult to find skilled candidates.

“As the world grapples simultaneously with escalating cyberattacks and a growing skills shortage, ISACA believes that it is absolutely essential to develop and train a robust cybersecurity workforce. That is why we launched the Cybersecurity Nexus (CSX) in 2014. We take very seriously our role in addressing the skills gap through skills-based credentials, training, guidance and mentoring programs,” noted Stroud.

ISACA is a global leader in cybersecurity. The association assisted the National Institute of Standards and Technology (NIST) in the development of the U.S. Cybersecurity Framework, and ISACA’s Cybersecurity Nexus (CSX) is one of the first and most comprehensive resources to support security professionals at every level of their careers.

In late 2014, ISACA launched the Cybersecurity Fundamentals Certificate, designed for university students and recent graduates, entry-level security professionals, and those seeking a career change. The certificate addresses the global skills shortage by helping organizations quickly identify candidates with a foundational level of cybersecurity knowledge, while helping the most qualified job seekers distinguish themselves.

In October 2015, ISACA will host the first CSX conference in Washington DC to bring together global thought leaders in cybersecurity.

For additional survey results, graphics and insights from cybersecurity experts, visit . To learn about the credentials, guidance and resources offered in ISACA’s CSX, visit



With more than 115,000 constituents in 180 countries, ISACA ( helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for cybersecurity and information systems audit, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:



Kristen Kessinger, +1.847.660.5512,

Joanne Duffer, +1.847.660.5564,

Rachel Acevedo, +1.847.660.5617,

Cybersecurity Nexus Newsroom: