CNI-focused organisations “must lighten load” on cyber security teams

The research, which surveyed UK cyber security decision-makers in the communications, utilities, finance, Government and transport and aviation sectors, reveals that 95% are experiencing factors that would make them likely to leave their role in the next 12 months.

Over four-in-ten (42%, in fact) of respondents feel that a breach is inevitable and don’t want to tarnish their career, while 40% suggest that they’re experiencing stress and burnout which is negatively impacting their personal life.

The prospect of people leaving jobs is particularly problematic for CNI organisations at a time when the threat of attacks remains high. Over two-thirds of UK CNI cyber leaders state that the volume of threats and successful attacks has increased over the past year, while 69% believe it’s now harder to detect and respond to threats.

Fears of staff leaving are also compounded by the ongoing skills shortage in the sector with 68% of respondents saying it has become harder to recruit the right resources to secure and monitor systems over the past year.

Four-in-ten say they currently don’t have the skills to monitor security threats in the cloud, 31% don’t have the right skills needed to run a modern security operations centre and 28% of respondents believe they don’t have the right skills to effectively and efficiently secure a remote environment.

Biggest constraint

Martin Riley, director of managed security services at Bridewell, commented: “Talent is now the biggest constraint in cyber security. Organisations simply cannot afford to lose their staff. Security leaders need the right authority, budget and technology stack to build out and implement an effective threat-led cyber security strategy and should lean on external consultants where necessary to plug any gaps quickly and help lighten the load placed on the team.”

Riley went on to state: “Companies that can demonstrate they’re investing in staff well-being, support and development can inspire a real change of heart in those that may be looking to leave.”

A range of factors are contributing to the increased pressure and burnout felt by IT teams, including the growing number of cyber attacks, the increasing complexity of cyber security compliance, greater interconnectivity of systems and the constant need to understand new technologies while also delivering on ever-expanding cyber assurance activities.

Reasons for leaving vary based on level of seniority, with those at C-Level more likely to fear tarnishing their career if there’s a cyber attack, while those at director level report higher levels of stress and burnout. Meanwhile, heads of department are more likely to ‘jump ship’ due to unrealistic expectation, whereas managers are more driven by pay.

Basic skills gap

Recent research from the Department for Digital, Culture, Media and Sport reveals that approximately 697,000 UK businesses have a basic skills gap. To help tackle that skills gap, the Government recently announced an upskilling in cyber programme, which aims to identify and rapidly re-skill individuals for roles in cyber security in just ten weeks.

The programme launches on Monday 4 July. Students will undertake two SANS Institute training courses and receive soft skills development to ensure they are immediately deployable within the cyber security workforce.

Scott Nicholson, CEO at Bridewell, concluded: “We’re seeing a consistent noise around the skills, employee retention and burnout cycle in the industry. While we’re witnessing some uptake, the biggest trick organisations are missing when it comes to narrowing the cyber skills gap is not taking on people from other disciplines. This is only fuelling the situation and means that companies could be missing out on great candidates with transferable skills.”

*Download the full report entitled ‘Cyber Security in UK Critical National Infrastructure: 2022’ here