RSA Conference 2017 is currently underway in San Francisco, where computer security professionals are gathered to learn about the latest emerging threats and explore the latest advancements in their field. Although the event has no trouble attracting cybersecurity experts, today's businesses are finding it tough to hire and retain IT talent that can keep their networks safe.

ISACA's State of Cybersecurity 2017 report, released this week, reveals a cybersecurity skills gap that can leave businesses uncomfortably exposed to attacks and breaches. More than half of the enterprise organizations (55 percent) surveyed by the information security industry group said it took at least three months to fill cybersecurity positions. Nearly a third (32 percent) go six months or more before finding qualified personnel.

Applicants are simply hard to come by, and qualified ones even more so.

Only 13 percent of companies get 20 or more applicants for their open security positions. About one in five scrape by with fewer than five applicants; 59 percent receive five or more applications. By comparison, most corporate job openings are showered with 60 to 250 applications.

Making matters worse, fewer than one out of every four candidates are qualified, said 37 percent of respondents.

"Though the field of cyber security is still relatively young, demand continues to skyrocket and will only continue to grow in the coming years," said ISACA board chair Christos Dimitriadis, who also serves as group director of Information Security for INTRALOT, in a statement. "As enterprises invest more resources to protect data, the challenge they face is finding top-flight security practitioners who have the skills needed to do the job."

An unfilled cybersecurity position is a ticking time bomb. "When positions go unfilled, organizations have a higher exposure to potential cyberattacks," Dimitriadis continued. "It's a race against the clock."

Of course, even when fully-staffed, IT security teams still face some daunting challenges.

A new report from Intel Security also released during this year's RSA Conference, Building Trust in A Cloudy Sky: The State of Cloud Adoption, paints a troubling picture of the hardships cybersecurity personnel face in today's cloud-enabled IT landscape. A majority (65 percent) of the 2,000 IT professionals polled by company said shadow IT is hampering their ability to secure the cloud.

More than half (52 percent) traced a malware infection to a cloud app. A lack of cybersecurity has caused a slowdown of cloud adoption for 49 percent of organizations.

Despite these challenges, the IT industry appears to be charging full speed ahead toward the cloud, giving security professionals little choice but to adapt to the times.

"The 'Cloud First' strategy is now well and truly ensconced into the architecture of many organizations across the world. The desire to move quickly toward cloud computing appears to be on the agenda for most organizations," said Raj Samani, EMEA chief technology officer at Intel Security, in a statement.

"This year, the average time before respondents thought their IT budgets would be 80 percent cloud-based was 15 months, indicating that Cloud First for many companies is progressing and remains the objective," continued Samani.