Cybersecurity leaders want to quit. Here's what is pushing them to leave

Cybersecurity might just be the most stressful job in tech right now. But there might be a (tiny) glimmer of light at the end of the tunnel.
Written by Owen Hughes, Senior Editor
Man at computer screen in dark room, head in hands looking stressed out :(
Image: Getty Images / Westend1

Almost a third of chief information security officers (CISOs) and IT security managers in the UK and US are considering leaving their current organization, according to new research.

Not only that, but a third are planning to quit their jobs within the next six months.

Cybersecurity firm BlackFog surveyed over 400 IT decision-makers at companies with 500+ employees in the US and UK, to understand the challenges they faced amid growing IT security threats and a shortage of skilled professionals in the industry.

It found that many IT security leaders are struggling to keep up with evolving threats and new cybersecurity practices, while also reporting issues around recruitment, retention and work-life balance that are prompting many to turn away from the industry.

When asked about the aspect of their role that they disliked most, 30% cited the lack of a work-life balance, with 27% saying that much time was spent on 'firefighting' rather than addressing strategic business issues.

Also: Raising cybersecurity awareness is good for everyone - but it needs to be done better

On top of the 32% of CISOs planning a departure due to the stresses of the job, 52%, admitted that they are struggling to keep up to date with new frameworks and models such as Zero Trust, while a further 20% felt that having the right skills on their team was "a serious challenge".

Of the 32% of respondents considering leaving their roles, 33% said they would do so within the next six months, while 37% said they were prepared to jump ship within the next 7-12 months.

BlackFog's research echoes growing concerns amongst cybersecurity leaders about their ability to keep businesses and consumers safe amid a rise in cybercrime and serious cybersecurity skills shortage.

It also highlights the immense strain faced by cybersecurity professionals, who are increasingly leaving the profession due to stress, burnout and wellbeing challenges.

Also: Bosses say they're serious about cybersecurity. It's time for them to prove it

There were some nuggets of good news in BlackFog's report. For instance, cybersecurity leaders feel they are finally getting through to company leaders: 75% of those surveyed by BlackFog felt there is "full alignment" between board expectations and what CISOs are able to deliver.

In fact, two-thirds (64%) of respondents said they are able to complete their priority tasks within the first six months of starting their role. BlackFog found that, on average, 27% of IT spending goes towards security budgets – and CISOs appear to be satisfied with this.

CISOs also report a sense of purpose in their roles: 44% of respondents to BlackFog's survey said the most enjoyable aspect of their role is acting as the company 'protector' andkeeping people working in safe environments. Darren Williams, CEO and founder of BlackFog, said that, while the role of a cybersecurity leaders carries "huge challenges and enormous pressures", there are "encouraging signs" that bosses are listening to their concerns and aligning their budgets and business priorities accordingly.

Williams added: "Adapting to a fast-changing landscape is key, however, and organizations need to ensure that their security teams are given the time and resources to devote to keeping pace with the latest thinking, frameworks and innovations designed to lower their cyber risk."  

Editorial standards