‘Unsustainable stress levels’ driving cyber security workers to quit

According to the Deep Instinct report titled, Voice of SecOps 2022: Why your cybersecurity leaders and staff are thinking about leaving, cyber security professionals have considered quitting the industry permanently due to pressure, with "potentially catastrophic consequences for the organisations that rely on their vigilance".

Cyber security professionals face immense pressure to keep businesses secure which has had many contemplating on quitting the industry altogether.

The burden of preventing such attacks weighs heavily on those tasked with keeping networks and wider organisational systems secure, Deep Instinct found. More than 90 per cent of cyber security professionals are stressed in their roles, with a "significant proportion" of professionals conceding that this is negatively impacting their ability to do their jobs.

Security researchers have warned of "increasing and unsustainable stress levels" in the cyber security workforce resulting from persistent ransomware threats and looming, large-scale attacks, which are pushing security professionals towards abandoning the industry altogether.

Researchers found that "unrelenting threat from ransomware" has been a cause of burnout and fatigue in cyber security. The burden on security professionals have also been exacerbated by the shift to remote working, which has made network security more challenging for organisations.

The Deep Instinct has also found that those surveyed in leadership positions are likely to be feeling the pressures of the industry more acutely, with one in three C-suite executives (including CISOs, CTOs, ITOs and IT strategy directors) admitting that they were "highly stressed".

Remote working has made difficult to ensure IT security practices are being followed. The report has found IT teams are still not sufficiently equipped to address the challenges remote working presents and limited oversight that cyber security teams now have over devices have increased the pressure.

Deep Instinct has found that over 52 per cent of C-suite professionals surveyed revealed that securing a remote workforce was their biggest cause of concern. Researchers highlighted the challenges of securing hybrid environments as the survey participants added the impact of digital transformation on the organisation's security posture has also been a major concern.

VIEW ALL

"Senior cyber security executives acknowledge that their stress levels are impacting decision-making and can have implications for the security posture of companies.

"The stress we're seeing across the cyber industry appears to be accelerating the exodus of talented people from the industry – a particular challenge when many cyber security defences and mitigation processes are human-dependent, requiring constant monitoring and intervention," Deep Instinct researchers stated.

The research also revealed that SecOps teams have been burdened by larger workloads and longer hours as a result of persistent cyber security threats.

Almost half of survey respondents positioned outside of the C-suite (47 per cent) stated that "they felt pressured to stop every threat, despite acknowledging that it was impossible to do so", while 43 per cent of respondents felt there was an expectation to always be on call or available. The Deep Instinct researchers also identified a "widespread adoption of completely counter-productive measures" to alleviate stressors, such as switching off "overwhelming" alerts.

Lack of tools to perform their role properly and staff shortages were identified as key challenges by 40 per cent of respondents, respectively.

"The results show there is not one clear winner which reinforces why stress levels are so high.

"Without a singular focus on one type of attack, resources are stretched thin and its obvious to see how a SecOps team may feel deflated against the challenges they face," Deep Instinct researchers said.

The shift to remote working has been an opportunity for cyber criminals with the past two years seeing an uptick in ransomware incidents.

More than a third (38 per cent) of survey respondents admitted to both experiencing a ransomware attack and paying the ransom in exchange for the decryption key, compared to 62 per cent that didn't pay. However, paying hackers off does not guarantee the safe return of company data with 46 per cent of those who paid revealing records or sensitive information were exposed anyway. About 45 per cent of respondents were unable to restore all their data and a further 23 per cent of respondents were hit by a subsequent extortion demand after paying the ransom.

Deep Instinct's survey participants were at businesses with 1,000 employees or more, and for businesses with annual revenues of at least US$500 million across financial services, retail and e-commerce, healthcare, manufacturing, public sector, critical infrastructure, and technology.

[Related: Penten offers cyber security solution for military SATCOM project]