What is Cybersecurity Workforce Stress?
The Great Resignation refers to a trend of employees reassessing their work-life situations in the aftermath of the pandemic. Many employees are resigning from a wide range of industries, employment types, and age groups, in search of better employment opportunities, higher pay, or a better work-life balance. In fact, 53% of workers worldwide say they are now prioritizing their physical and mental health and are willing to leave their current job if it enables a better work-life balance.1 This trend has reached the cybersecurity industry, exacerbating an existing cybersecurity workforce gap of more than 2.72 million positions worldwide.2 According to an (ISC)2 study, the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.
Some of the issues facing the cybersecurity workforce include:
Stress. Pressure on security teams is increasing due to workforce shortages and skills gaps. This is, in part, due to the mass exodus of baby boomers taking early retirement, leaving behind a smaller and younger workforce that has not necessarily been prepared with the necessary skills.3 Cybersecurity workers also feel stress from overworking and being held responsible for cybersecurity incidents.
Lack of diversity. Women still only make up 25% of today’s global cybersecurity workforce, and the field is still 72% Caucasian in the UK and North America.
The Great Resignation might have the following impacts to cybersecurity:
Insider threats. An insider threat refers to incidents where a direct employee or contractor uses their authorized access, wittingly or unwittingly, to do harm to an organization’s mission, resources, personnel, facilities, information, equipment, networks, or systems. Data theft from disgruntled employees would be an example of a malicious insider threat, while inadvertent leaking of sensitive data may be an example of an accidental insider threat. High turnover and erratic offboarding procedures can make this a difficult challenge for/by cybersecurity workers. Taking a zero-trust approach can mitigate these types of threats.
Security slowdowns. The duration of time between threats breaking and security professionals having the knowledge, skills, and judgement to defend against those breaking threats is an average of 96 days, despite recommendations that such breaking threats be identified and remediated within 48 hours.
Lack of resources. While cybersecurity threats and incidents are increasing, the cybersecurity workforce is shrinking. This leaves fewer cybersecurity workers tasked with doing more with less.
In order to avoid these negative impacts from cybersecurity resignation, organizations can consider the following:
- Adjust job requirements to focus on the skills new hires actually need
- Consider a range of talent from diverse backgrounds
- Offer ongoing training and development
- Reassess employee benefits
- Offer flexibility to improve employee work-life balance
- Consider outsourcing IT
1 Wells, 2022, “The Great Resignation isn’t over yet: Workers say they’ll quit if they don’t get the flexibility they want”
2 (ISC)2, 2021, “Cybersecurity Workforce Study, 2021”
3 Bonderud, 2022, “Top Cybersecurity Challenges Accompanying the Great Resignation: Experts Weigh In”