Four in 10 UK cyber leaders say stress could push them to leave their job within the next year, according to a new study. Combined with the ongoing skills crisis, mass resignations could leave many sectors in a precarious situation.
Cybersecurity services company Bridewell surveyed 521 critical national infrastructure decision makers across multiple sectors, finding that 95% are experiencing factors that would make them likely to leave in the next 12 months. These leaders overwhelmingly attributed their desire to leave their position to two dominant causes: 42% say a cyber breach is inevitable and do not want it to tarnish their career, and 40% say stress and burnout are heavily impacting their personal lives.
Reasons for wanting to leave the profession vary based on level of seniority, Bridlewell found. C-level executives, for example, are more likely to fear a cyberattack, while those at director level report higher levels of stress and burnout. Heads of department are more likely to be pushed to leave by unrealistic expectations, while managers are more driven by pay.
Cybersecurity burnout has been a concern for months, especially as ransomware threats reach an all-time high. Indeed, 72% of respondents say cyberattacks have gone up since Russia's invasion of Ukraine, and 79% think their operations will be significantly disrupted by ransomware in the next 12 months. Additionally, 87% of respondents surveyed by Bridewell said they feared losing their job as a result of a cyberattack.
The situation is compounded by the ongoing cybersecurity skills crisis. Many professionals do not possess the right skills and qualifications required to keep IT systems safe from security threats, especially as traditional security operation centers now require over 40 different tools to ensure cloud and other system security -- and these tools can require around-the-clock supervision, as well as expert configuration.
Bridewell reports that 68% of leaders say it has become harder to recruit the right people to secure and monitor systems over the past 12 months, in part due to intense demand for cybersecurity professionals. Further, 56% of respondents believe the proposed updates to regulations around network and information systems are unfeasible -- 55% are still trying to meet the original requirements.
The prevalence of remote and hybrid workers adds another dimension to the cybersecurity skills crisis, as has the migration of data and applications to the cloud, which makes corporate networks and data more vulnerable to cyberattacks. According to Bridewell, 28% of cyber leaders report that they do not believe they have the right skills to secure a remote-working environment -- something that needs to be addressed urgently if companies hope to evolve the workplace beyond the office.
Regarding attempts to stem the cycle of employee burnout and retention within the industry, Scott Nicholson, CEO at Bridewell, said employers needed to expand the scope of their hiring searches into other industries and professions. "The biggest trick organisations are missing when it comes to narrowing the cyber skills gap is not taking on people from other disciplines," Nicholson said.
"This is only fuelling the situation and means companies could be missing out on great candidates with transferable skills."