Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • 81% of cybersecurity experts surveyed think it is likely or very likely that their organization will experience a cyberattack this year. — ISACA, 2018
  • 31% of organizations said their board hasn’t “adequately prioritized enterprise security.” — ISACA, 2018

Despite advances in enterprise security tools, cyber professionals believe the prevalence of attacks won’t shrink. According to an ISACA report, released at the RSA Conference on Tuesday, 81% of security professionals said they believe it is “likely or very likely” that their organization will experience a cyberattack this year.

One big reason for that is the trending data for the past year. According to the report, 50% of respondents noted that their enterprise had seen an uptick in attacks over the past 12 months.

Despite these statistics, security still isn’t being prioritized at the board level, according to 31% of the 2,300 professionals surveyed by ISACA. This is further evidence that a solid security strategy must have buy-in from the top down, to guarantee that everyone is on the same page.

SEE: Information security policy (Tech Pro Research)

Budgets for security are increasing, the report found, but 59% of information security professionals said they have unfilled security positions at their company. So the problem of the cybersecurity skills gap rages on.

There is some good news, though. Only 54% said it takes three months to fill an open security position, which is down from 62% last year. This means that some positions are getting filled more quickly. Also, the report noted that diversity programs are having success in closing the perception gap between men and women of available opportunities in the field as well.

More than 70% of respondents said their organization is looking for candidates with strong technical skills, but they’re hard to find. Still, the number of qualified job candidates for security roles is increasing, the report said. Only 30% of respondents said fewer than 25% of candidates had the proper qualifications, which is dow from 37% last year.

According to ISACA CEO Matt Loeb, cited in the report, the skills problem isn’t strictly financial. There just aren’t enough professionals with the needed qualifications.

“More of those dollars will need to be invested in technical cybersecurity training, along with effective retention programs,” Loeb said in the report. “Practitioners who acquire and demonstrate hands-on technical cybersecurity skills will find themselves in significant demand.”