Organisations at risk of cybersecurity 'burnout'

41% of IT security managers plan to quit their job in the next 6 months, experiencing high stress.

The heightened risk of cyberattacks on businesses is being compounded by significant recruitment and retention issues within cybersecurity teams, making them more vulnerable to potential attacks, according to new research from ThreatConnect Inc.® -the leader in reducing complexity and enabling better decision making in cybersecurity.

With the number of data breaches in 2021 soaring past that of 2020, there is added pressure on Security teams to keep businesses secure. However, when strength and stability have never been more needed, ThreatConnect’s research has found a concerning level of staff churn, skills shortages, burnout, and low staff morale, pointing towards depleted reserves trying to manage the growing risk.

Turnover rates in security on the rise

While a significant majority of respondents report feeling positive about their organisation’s capabilities in cyber security, senior decision-makers across the UK report an average security staff turnover rate of 20% and almost three quarters (74%) have seen this rise in the past year.

Around 2 in 5 Security managers across the UK (41%) say they are considering quitting their jobs in the next six months, highlighting the ongoing scale of the so-called ‘‘Great Resignation’ impacting the industry. 31% of UK respondents also reported difficulties recruiting people with the skills and talent needed for cybersecurity. Think about a security role today and then look at how much that job role has expanded in the last two decades. The roles aren't the same. In fact, the landscape is moving so fast that the skills of a graduate are already behind.

Perhaps most tellingly, however, only 23% of UK Security leaders asked would be likely to recommend a career in cybersecurity compared to a more significant 42% proportion who are unlikely to. With the number of data breaches and cyber security incidents on the rise, coupled with smaller teams and higher stress levels, the strain on IT teams is evident. This is a much less positive state of affairs than in the US, where 44% felt positively towards promoting a career in the IT industry, versus 20% negative.

Teams under pressure

Now, more than ever, security teams are being expected to do more with less leading to increased stress levels. More than a third (37%) of respondents in the UK reported feeling highly stressed about work and more than half (53%) said their stress levels increased over the past six months. Long hours and heavy workloads are notable drivers of personal stress at work, manifesting in headaches (44%), a drop in work performance (43%), and sleeping difficulties and fatigue (37%).

Unsurprisingly, those experiencing high levels of stress are almost twice as likely to be considering resigning. The top reasons given by respondents in the UK considering quitting their jobs are a lack of opportunities to work from home (31%), high-stress levels (26%), and the attraction of a better salary elsewhere (25%). However for Security managers respondents specifically, excessive workload is the most commonly cited factor (31%).

Addressing the ‘Great Resignation’

With staff turnover increasing and a potential shortfall of advocacy encouraging new talent into the profession, there appears to be a potentially vicious cycle impacting staffing levels and, therefore, organisations’ ability to mitigate the risk of cyberattacks and further increasing pressure on security teams. Added to this, a significant 32% of respondents to ThreatConnect’s survey did not agree that their company can keep up with the volume and sophistication of cyber threats, and 28% didn’t agree their company had the right security systems in place.

“Now more than ever, IT security teams are being expected to do more with less,” said Adam Vincent, Co-Founder and CEO at ThreatConnect. “High employee turnover and stressed IT professionals can negatively impact an organisation’s performance both in the short term and in the long term. The growing volume and sophistication of threats makes it critical that organisations manage workload feasibility and give teams the support they need.”

“Organisations need to invest to support those tasked with protecting the security of the organisation with the best tools and working environment to attract talent and keep them happy and productive. Creating a workplace that is attractive to current and potential professionals is essential to hold on to skills and expertise they need to protect their entire operation for the long-term.”

New Venafi research shows that ransomware attackers are regularly exfiltrating data, circumventing ‘restore from backup’ safety measures.
Channel and alliances veteran Mark Osmond to grow channel ecosystem relationships by tapping into rapidly growing application security testing market.
Retrospect has introduced Retrospect Backup 18.5, featuring new anomaly detection, customizable filtering and thresholds, and enhanced ransomware protection to help businesses quickly detect and protect against malicious attacks. With deeper Microsoft Azure Blob integration for Immutable Backups and integrated cloud bucket creation, Retrospect Backup 18.5’s anomaly detection and ransomware protect bolsters StorCentric's data-centric security approach to organizations’ critical infrastructure.
A fifth of employees believe their organisation has held back from modernising its processes with new technologies during the pandemic.
Industry’s first solution that unifies multicloud observability and advanced AIOps with real-time vulnerability management and defense.
Latest upgrade of industry-leading PAN-OS software leverages cloud compute to detect highly evasive threats more quickly and effectively than anything previously available.
InfiniGuard delivers significant updates for modern data protection, disaster recovery, and business continuity, while strengthening cyber resilience with InfiniSafe.
Binalyze enables enterprises to respond to cyber breaches in real-time which dramatically speeds up investigations and remediation; this funding will expand the platform’s capabilities.