Nearly Half Cybersecurity Leaders Set To Change Jobs, Warns Gartner

Within the next two years, nearly half of cybersecurity leaders will change their jobs, creating a recruitment headache for senior management.

This is the prediction from analyst house Gartner, which highlighted the fact that cybersecurity professionals are facing unsustainable levels of stress, and 25 percent of cybersecurity leaders are expected to pursue different roles entirely as a result.

The Gartner prediction comes after a survey from threat detection specialist Vectra last year found that 50 percent of security leaders said they were ready to throw in the towel.

Cyber crisis?

Now this week Gartner has said that by 2025, nearly half of cybersecurity leaders will change jobs, and 25 percent will opt for different roles entirely due to multiple work-related stressors.

“Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on the defence, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.”

Given this stress points, coupled with the massive market opportunities for cybersecurity professionals, talent churn poses a significant threat for security teams Gartner has warned.

Its research apparently shows that compliance-centric cybersecurity programmes, low executive support and subpar industry-level maturity are all indicators of an organisation that does not view security risk management as critical to business success.

Organisations of this type are therefore likely to experience higher attrition as talent leaves for roles where their impact is felt and valued.

“Burnout and voluntary attrition are outcomes of poor organisational culture,” said Gopal. “While eliminating stress is an unrealistic goal, people can manage incredibly challenging and stressful jobs in cultures where they’re supported.”

Human vulnerability

And as ever, humans remain the main problem associated with cyber-attacks.

Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.

It said the number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation.

For example a Gartner survey conducted in May and June 2022 among 1,310 employees revealed that 69 percent of employees have bypassed their organisation’s cybersecurity guidance in the past 12 months.

In the survey, 74 percent of employees said they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business objective.

“Friction that slows down employees and leads to insecure behaviour is a significant driver of insider risk,” said Paul Furtado, VP Analyst, Gartner.

“CISOs must increasingly consider insider risk when developing a cybersecurity programme,” added Furtado. “Traditional cybersecurity tools have limited visibility into threats that come from within.”

Managed programs

To confront this rising threat, Gartner predicts that half of medium to large businesses will adopt formal programs to manage insider risk by 2025, up from 10 percent today.

The analyst house said that a focused insider risk management program should proactively and predictively identify behaviours that may result in the potential exfiltration of corporate assets or other damaging actions and provide corrective guidance, not punishment.

Last June a security expert praised the government’s new digital strategy for placing an emphasis on cyber-security and skills shortages.

The government provisions include a reform to digital regulations, supporting innovation in universities and the private sector, making it easier for tech companies to raise funds on the public markets and improving digital elements in public services.