According to research by BlackFog, 32% of IT Security CISOs or DMs in the UK and US plan to leave their current organization. Of those considering leaving their current job, a third would do so within the next six months.
This research, which explored the frustrations and challenges faced by cybersecurity professionals, also highlights the impact of cyber incidents on employee turnover and job security. It found that of those who had been CISOs or IT security managers in a previous organization, 41% left or were fired due to a data attack or breach.
Asked what aspect of their role they disliked the most, 30% cited lack of work-life balance, with 27% saying too much time was spent fighting fires rather than to focus on strategic issues.
However, their role in protecting their organization from cyber threats was clearly valued, with 44% of respondents saying the most enjoyable part of the job is being the company’s “protector” and having the ability to make sure everyone is working safely.
“Cybersecurity expertise has never been more in demand; however, these numbers highlight a serious retention problem in the field. Board members and the C-suite must recognize that maintaining a strong team of IT security leaders is critical to the safety and security of their business,” said Dr. Darren Williams, CEO of BlackFog .
“Recruitment is a challenge on a global scale, and with fierce competition to attract top talent, organizations must address the wellness and work-life balance issues that persist in the industry. Organizations are not don’t want to run the risk of having a breach in their security posture as a result of losing their CISO.”
The struggle to keep up with new approaches to cybersecurity
Escalating cybersecurity threats are driving new innovations to help organizations improve their cybersecurity posture, however, the results show:
- 52% admitted to having trouble keeping up with new frameworks and models such as Zero Trust.
- Another 20% felt that keeping their teams’ skill levels in line with these was a “serious challenge.”
- 54% also felt they were unable to keep up to date with information on the latest cybersecurity solutions such as combating data exfiltration.
- 43% of respondents struggled to keep pace with the latest innovations in the cybersecurity market. This number varied by country, with 49% of US respondents agreeing compared to 36% in the UK.
Alignment with Board expectations
Several key positives emerge from this study, particularly in the area of board expectations of sponsors. The results show that 75% agree that there is complete alignment between board expectations of what they can accomplish in their role and what they are equipped and capable of accomplishing. In fact, 64% of respondents were able to complete their priority tasks within the first six months of their start date. This may be because, on average, 27% of IT spending goes to the security budget.
“These results show us that while the role of security leaders comes with enormous challenges and enormous pressures, there are encouraging signs that boards are listening to their needs and that there are , overall, a strong level of alignment in terms of expectations and leaders’ ability to achieve that,” Williams said.
“However, adapting to a rapidly changing landscape is critical, and organizations must ensure their security teams have the time and resources to keep pace with the latest thinking, frameworks, and innovations designed to reduce their cyber risk.”