Nearly a third of the cybersecurity workforce is planning to leave the industry in the near future, new research suggests, leaving organizations in a troubling position as the threat landscape evolves "at an alarming rate".
Cybersecurity firm Trellix commissioned a survey of 1,000 cybersecurity professionals globally and found that 30% are planning to change professions within two or more years. Organizations are already facing cybersecurity skills shortages, with not enough people having the skills and qualifications required to keep IT systems secure from breaches and other security threats.
Adding more fuel to the fire, organizations face a growing threat from cyber criminals and nation-state hackers, whose attacks are growing "in volume and sophistication".
Trellix's survey found that 85% of organizations report that a workforce shortage is impacting their ability to secure their IT systems and networks.
As for cybersecurity workers themselves, those who plan on leaving the profession are doing so because they feel underappreciated and unable to grow in their roles. A lack of clear career path (35%), a lack of social recognition (31%) and limited support to develop their skills (25%) were cited as the top three frustrations pushing security workers to quit. Other reasons spurring a move away from cybersecurity were: professionals feeling they had accomplished all they had wanted from their roles; burnout; and not being satisfied with their salaries.
SEE: Cybersecurity burnout is real. And it's going to be a problem for all of us
Organizations recognized that support for the development of skills (85%) and certifications (80%) were highly important factors for the industry to address to expand the workforce. Efforts to promote cybersecurity careers (43%), encouraging students to pursue STEM-related careers (41%), and further funding support (39%) were ranked among the top ways to attract more people into cybersecurity jobs.
Meanwhile, more than nine in 10 (94%) cybersecurity professionals feel that employers could be doing more to encourage community mentoring programs with a presence in K-12 schools.
Fabien Rech, VP EMEA at Trellix, said the need to remove barriers to entry in cybersecurity had "never been greater".
Rech told ZDNet: "To help cultivate and nurture the best cybersecurity workforce for our future, we should broaden the scope for talent and change our working practices in the sector. Closing the talent gap is not only a business imperative, but a critical factor for our security."
A shortage of talent for employers and a lack of support for employees are not the only issues facing the cybersecurity industry: respondents to Trellix's survey said employers and educators need to do more to promote diversity, inclusion, and equality.
SEE: Cybersecurity has a desperate skills crisis. Rural America could have the answer
Of the respondents surveyed, 78% were male, 64% were white and 89% were heterosexual – highlighting an urgent need to diversify the cybersecurity profession. The majority of respondents (91%) recognized the need for wider efforts to grow the cybersecurity talent pool from diverse groups.
When it comes to encouraging more people to consider a career in cybersecurity, respondents reported inclusivity and equality for women (79%), diversity of the cybersecurity workforce (77%) and pay gaps between different demographic groups (72%) as highly or extremely important factors for the industry to address.
Nearly all (94%) of professionals surveyed by Trellix felt their employers could be doing more to consider employees from non-traditional cybersecurity backgrounds. Most respondents (92%) believe greater mentorship, internships, and apprenticeships would support the participation of workers from diverse backgrounds in cybersecurity roles.
Further, 85% felt that a lack of understanding of opportunities available in cybersecurity was discouraging people from joining the industry, resulting in the current workforce shortages.
Rech added: "The future of our industry relies on us actively working to inspire employees daily, supporting their progression and increasing awareness of a career in cyber amongst talented individuals from different backgrounds. This cannot be achieved by one organisation and requires a collective effort across organisations and bodies within public and private sectors."