64% of cybersecurity professionals report that their organization is facing some level of cybersecurity staff shortage. Unsurprisingly, 56% reported that their organization was facing additional security threats as a result.
The impact of the current cybersecurity workforce gap increases by the day as we become more dependent on the internet and digital technologies, as companies continue to transition to the cloud, and as the prevalence of hybrid/remote working environments grows.
Far from bringing a reprieve, the COVID-19 pandemic has put additional pressure on the cybersecurity industry. Not only did cyber-attacks surge during this time, but attackers were also quick to adapt to the new situation and exploit new opportunities.
While most cybersecurity professionals were unaffected, 7% reported that they were laid off as a result while 16% knew of a peer who lost their job.
So far, the impact has been most poignant regarding the lack of cybersecurity talent in leadership positions. This is because many organizations feel they lack the experience and leadership potential to help them implement new and wide-ranging cybersecurity strategies, particularly at the CISO level.
LIFARS’ CISO as a Service is designed to address an organizations’ information security leadership needs. Our CISOs are highly skilled at establishing, improving, and transforming Cybersecurity Programs. We focus on maximizing business values by minimizing risks and optimizing opportunities. Our CISO as a Service can help executives and their organization by providing the professional security oversight needed to ensure the best security practices.
Why is the cybersecurity industry losing talent?
The chief causes of the worsening cybersecurity gap are simple enough to understand but harder to solve, the reason in many cases is burnout.
According to a recent CREST report, as many as 1 in 3 cybersecurity professionals report they are under significant stress. Following closely behind, 27% of CISOs report that their stress levels are at a point where it’s affecting their ability to do their job.
The most cited reasons for the increased stress of professionals in cybersec positions were identified as:
- Constant and more organized, sophisticated threats/attacks
- A lack of downtime
- Low sense of personal worth/value and high degree of cynicism
- Solitary nature of remote working
- Cybersecurity is not widely accepted as a strategic function
- Increasing regulation
- Having to secure too much data in too many places
- Threat of losing job or being disciplined
Clearly, there is a snowball effect at work. The more incessant and sophisticated attacks become, the harder the job of cybersecurity professionals become, leading to less lower job retention. In turn, this lack of resources only makes the problem worse.
Another problem is that the goals of cybersecurity professionals can often feel at odds with the rest of the company and their non-security colleagues. For example, the practices they prescribe can often negatively impact productivity or make “more work” for others.
Lastly, the way businesses are evolving to more cloud and data-oriented processes is making it harder to plan and carry out security operations as it expands an organization’s threat border and protected assets.
However, according to another study by ISACA, the main reason was not burnout but a lack of promotion and development opportunities.
What is the solution?
Many organizations have tried to solve their cybersecurity talent deficit by stepping up recruitment. However, this solution is not sustainable and is only a temporary fix if we cannot address the problems with retaining and nurturing cybersecurity staff.
This steady drip will not only stall any progress in closing the gap but also leads to the lack of highly skilled, highly experienced leadership at the top of the cybersecurity chain.
There are several things’ organizations can do in this regard:
- Step up employee cybersecurity training and education: Not only will a better-prepared workforce help to relieve the pressure on overburdened cybersec staff, but it will also help reinforce the importance of good security practices and why it must be accommodated at all levels.
- Start treating cybersecurity as a core business function: Cybersecurity is becoming an increasingly important part of any highly functioning and successful business. A single data breach can lead to millions in damages as well as setback operations.
- Continue to invest in and develop talent: While keeping a steady influx of cybersecurity talent is still important, even more must be done to try and retain existing talent. This means investing in your cybersecurity team in the form of increased salaries, opportunities for advancement, training, and putting resources in place to help them deal with burnout and work-related stress.
- Get outside help: Working with trusted cybersecurity consultants or service providers can help bolster your cybersecurity team and fill any gaps in your experience or skillsets. From training initiatives to read teaming security tests to CISO as a Service to incident response or digital forensics – it can help support your internal cybersecurity team to provide additional direction and limit burnout.