NEARLY 50% of cyber security leaders will change jobs by 2025, some 25% of them in favour of different roles entirely, in the main due to multiple work-related ‘stressors’. That’s according to market analyst Gartner.
“Cyber security professionals are facing unsustainable levels of stress,” explained Deepti Gopal, director analyst at Gartner. “Chief Information Security Officers are on the defence, with the only possible outcomes that they don’t become hacked or they do. The psychological impact of this directly affects decision quality and the performance of not just cyber security leaders, but also their teams.”
Given these dynamics, in unison with the massive market opportunities for cyber security professionals, talent churn poses a significant threat for security teams. Gartner’s research shows that compliance-centric cyber security programmes, low executive support and sub-par industry-level maturity are all indicators of an organisation that does not view security risk management as being critical to business success. Organisations of this type are likely to experience higher attrition rates as talent leaves for roles where their impact is perhaps better felt and more highly valued.
“Burnout and voluntary attrition are outcomes of poor organisational culture,” continued Gopal. “While eliminating stress is an unrealistic goal, it’s fair to suggest that individuals can ably manage incredibly challenging and stressful jobs in cultures where they’re supported.”
Chief cause of security incidents
Gartner predicts that, by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. The number of cyber and social engineering attacks perpetrated against individuals is spiking as threat actors increasingly view humans as the most vulnerable point of exploitation within an organisation.
A Gartner survey conducted in May and June 2022 among 1,310 employees revealed that 69% of employees have bypassed their organisation’s cyber security guidance in the past 12 months. In the survey, 74% of employees said they would be willing to bypass cyber security guidance if it helped them (or their team) towards achieving a business objective.
“Friction that slows down employees and leads to insecure behaviour is a significant driver of insider risk,” stated Paul Furtado, vice-president analyst at Gartner.
To confront this rising threat, Gartner predicts that 50% of medium-to-large businesses will adopt formal programmes designed to manage insider risk by 2025. That’s up from a figure of 10% today.
A focused insider risk management programme should proactively and predictively identify behaviors that may result in the potential exfiltration of corporate assets or other damaging actions and provide corrective guidance, not punishment.
“Chief Information Security Officers must increasingly consider insider risk when developing a cyber security programme,” concluded Furtado. “Traditional cyber security tools have limited visibility into threats that come from within.”
01784 431 611