When cyber risks are not regularly assessed, organizations are more vulnerable to attacks and increase the risk that breaches will go undetected for extended periods of time.

A survey by ISACA of 556 respondents in Europe shows that half (52%) of cybersecurity professionals are now experiencing more cyberattacks than last year. Despite organizations recognizing the growing threat, fewer than one in ten (8%) organizations conduct monthly cyber risk assessments and two in five (40%) do so annually.

A shortage of workers means that companies do not measure and test their cyber resilience on a sufficiently regular basis. Nearly two-thirds (62%) of respondents say their cybersecurity team is understaffed. Of companies with cybersecurity job openings, 39% are looking for entry-level positions that do not require experience, degrees, or qualifications. What’s striking is that 44% of companies say they require a college degree for entry-level cybersecurity positions.

Chris Dimitriadis, Global Chief Strategy Officer at ISACA, explains: “Our results show that it is difficult for companies to hire people with the right skills to manage cybersecurity. Companies are not separate from customers or other organizations on their network, and a cyberattack on one part of the ecosystem has consequences for everyone.”

There are a number of simple steps companies can take to close the cyber skills gap and improve their cyber resilience. Of the companies that have made progress, half continue to train their non-safety personnel, almost half (46%) use freelancers or external consultants, and one in four (27%) use training programs.