Despite an uncertain economy, a survey of 301 IT and cybersecurity professionals found half of cybersecurity professionals reported it is very likely, likely or somewhat likely they will leave their current job this year.
Conducted by Enterprise Strategy Group on behalf of Information Systems Security Association (ISSA) International, the survey found nearly two-thirds (66%) found that working as a cybersecurity professional has become more difficult over the past two years, with more than a quarter (27%) stating that it is much more difficult.
Nevertheless, a full 80% are either very satisfied (44%) or somewhat satisfied (36%) with their current position, so it’s not clear whether salary or stress levels might be influencing decisions to leave an organization.
A full 81%, however, cited the increase in cybersecurity complexity and workload as a reason their careers are more difficult now. Well over half (59%) specifically said their careers are more difficult because of the increase in cyberattacks due to an expanding attack surface, while 46% state noted their cybersecurity team is understaffed.
The most stressful aspects of their job are workload (35%) followed by working with disinterested business managers (30%). Other stressful aspects of cybersecurity professionals’ jobs included finding out initiatives were started without any input from cybersecurity (29%) and keeping up with the needs of new IT initiatives (27%).
Close to three quarters (71%) also reported their organization was impacted by the cybersecurity skills shortage—up from 57% a year ago. Nearly all respondents (95%) also said the cybersecurity skills shortage and its associated impacts have not improved over the past few years, with 54% saying it has only gotten worse. More than a quarter (27%) said the impact of this shortage on their organization has been significant. A full 88% said it is extremely difficult, difficult or somewhat difficult to recruit and hire cybersecurity professionals.
The impact of that shortage included increased workloads (61%), unfilled open job requisitions (49%) and high burnout among staff (43%) as well as an inability to fully learn how to use cybersecurity tools (39%), according to respondents. Areas where the security skills shortage was most acute are application security (38%), cloud security (37%), security analysis and investigations (27%) and security engineering (26%).
Most respondents (60%) also said their organization could be doing more to mitigate the cybersecurity skills shortage, with over one-third (36%) stating that they could be doing much more. A total of 43% also acknowledged that both budget pressures and regulatory compliance complexity have increased and present further challenges.
Candy Alexander, board president for ISSA International, said it’s apparent that despite years of discussion, the cybersecurity skills crisis is deepening. Business and IT leaders need to invest more in training and tools to reduce staff burnout at a time when cyberattacks are increasing in terms of both volume and sophistication.
Jon Oltsik, distinguished analyst and fellow at ESG, added that in some instances, organizations will need to re-evaluate their entire business and cybersecurity strategy because there is not enough cybersecurity and IT talent available to execute it in its current form.
Naturally, the level of cybersecurity stress experienced will vary from one organization to another, but eventually, it takes a toll that eventually kills an organization.
Recent Articles By Author