The heightened risk of cyberattacks on businesses is being compounded by significant recruitment and retention issues within cybersecurity teams, making them more vulnerable to potential attacks, according to new research from ThreatConnect Inc.® -the leader in reducing complexity and enabling better decision making in cybersecurity.
With the number of data breaches in 2021 soaring past that of 2020, there is added pressure on Security teams to keep businesses secure. However, when strength and stability have never been more needed, ThreatConnect’s research has found a concerning level of staff churn, skills shortages, burnout, and low staff morale, pointing towards depleted reserves trying to manage the growing risk.
Turnover rates in security on the rise
While a significant majority of respondents report feeling positive about their organisation’s capabilities in cyber security, senior decision-makers across the UK report an average security staff turnover rate of 20% and almost three quarters (74%) have seen this rise in the past year.
Around 2 in 5 Security managers across the UK (41%) say they are considering quitting their jobs in the next six months, highlighting the ongoing scale of the so-called ‘‘Great Resignation’ impacting the industry. 31% of UK respondents also reported difficulties recruiting people with the skills and talent needed for cybersecurity. Think about a security role today and then look at how much that job role has expanded in the last two decades. The roles aren’t the same. In fact, the landscape is moving so fast that the skills of a graduate are already behind.
Perhaps most tellingly, however, only 23% of UK Security leaders asked would be likely to recommend a career in cybersecurity compared to a more significant 42% proportion who are unlikely to. With the number of data breaches and cyber security incidents on the rise, coupled with smaller teams and higher stress levels, the strain on IT teams is evident. This is a much less positive state of affairs than in the US, where 44% felt positively towards promoting a career in the IT industry, versus 20% negative.
Teams under pressure
Now, more than ever, security teams are being expected to do more with less leading to increased stress levels. More than a third (37%) of respondents in the UK reported feeling highly stressed about work and more than half (53%) said their stress levels increased over the past six months. Long hours and heavy workloads are notable drivers of personal stress at work, manifesting in headaches (44%), a drop in work performance (43%), and sleeping difficulties and fatigue (37%).
Unsurprisingly, those experiencing high levels of stress are almost twice as likely to be considering resigning. The top reasons given by respondents in the UK considering quitting their jobs are a lack of opportunities to work from home (31%), high-stress levels (26%), and the attraction of a better salary elsewhere (25%). However for Security managers respondents specifically, excessive workload is the most commonly cited factor (31%).
Addressing the ‘Great Resignation’
With staff turnover increasing and a potential shortfall of advocacy encouraging new talent into the profession, there appears to be a potentially vicious cycle impacting staffing levels and, therefore, organisations’ ability to mitigate the risk of cyberattacks and further increasing pressure on security teams. Added to this, a significant 32% of respondents to ThreatConnect’s survey did not agree that their company can keep up with the volume and sophistication of cyber threats, and 28% didn’t agree their company had the right security systems in place.
“Now more than ever, IT security teams are being expected to do more with less,” said Adam Vincent, Co-Founder and CEO at ThreatConnect. “High employee turnover and stressed IT professionals can negatively impact an organisation’s performance both in the short term and in the long term. The growing volume and sophistication of threats makes it critical that organisations manage workload feasibility and give teams the support they need.”
“Organisations need to invest to support those tasked with protecting the security of the organisation with the best tools and working environment to attract talent and keep them happy and productive. Creating a workplace that is attractive to current and potential professionals is essential to hold on to skills and expertise they need to protect their entire operation for the long-term.”
With added workloads and a change in dynamics across the sector, the recently released ThreatConnect 6.4 aims to support teams with additional capabilities building on its Threat Intelligence Platform (TIP) and Security Orchestration and Automation platform (SOAR), to empower the workflow of threat intelligence and security operations teams individually and when working together. Security operations and cyber threat intelligence (CTI) analysts benefit from quicker valuable context to speed up investigations. This combined approach creates a continuous feedback loop that helps make Intelligence-Driven Operations a reality and better measures team efficiencies.
For more information and to read the full report, visit here.