45% of cybersecurity professionals are considering leaving the industry due to stress

Deep Instinct has released the third edition of its annual Voice of SecOps report, focusing on rising and unsustainable levels of stress among 1,000 senior executives and cybersecurity professionals across all industries and roles. The study found that 45% of respondents considered leaving the industry due to stress, with the main issues being a relentless threat of ransomware and the expectation of always being available or available.

stress levels of cybersecurity professionals

Research has confirmed that paying a ransom remains a hotly debated topic. 38% of respondents admitted to paying a ransom, with 46% saying their data was still exposed by hackers; and 44% were unable to restore all their data even after paying a ransom.

Cybersecurity’s Great Resignation

Defending against increasingly advanced threats on a daily and hourly basis is more challenging than ever, as 46% of respondents felt their stress had measurably increased over the past 12 months. This was especially the case for those working in critical infrastructure. These heightened stress levels have led cybersecurity professionals to consider leaving the industry altogether, joining the “big quit,” rather than moving into a new cybersecurity role with a new employer.

  • 45% admit to considering leaving the industry at least once or twice
  • 46% know at least one person who has completely given up on cybersecurity in the past year due to stress

Who is stressed and why?

The stress is felt not only by SOC teams and others on the front lines, but also by those in the C-Suite who are making the tough decisions about how to use their available resources more effectively.

The biggest stressor: ransomware

45% of respondents said ransomware was the top concern for their company’s C-Suite. The survey found that 38% of respondents admitted to paying in order to receive the encryption key primarily to avoid downtime (61%) or bad publicity (53%). However, paying the ransom did not guarantee post-attack resolution in many cases.

Of those who report that a payment has been made:

  • 46% said their data was still exposed by hackers
  • 44% couldn’t restore all their data
  • Only 16% said they had no more problems today

In response to these ransomware payment issues, 73% of respondents said they would not pay ransom in the future.

Among those who claimed they would always pay for a ransomware demand in the future, the widespread fear remained that they would be safe in the future.

The fear of paying a ransom in the future included the following:

  • 75% don’t expect to see all their data restored
  • 54% fear that criminals will make data exfiltration public again, and
  • 52% fear attackers have set up a backdoor and are coming back

“As the constant waves of cyberattacks are likely to become more commonplace and evasive as we move forward, it is of the utmost importance to ensure that those who dedicate their careers and lives to defending our businesses and of our country don’t get too stressed and give up,” said Guy Caspi, CEO of Deep Instinct.

“By adopting and using new defensive techniques, like artificial intelligence and deep learning, we can help the cybersecurity community mitigate one of the most important issues often overlooked by many: the people behind the keyboard.”

Is AI the new “stress ball”?

It is increasingly recognized that tools based on artificial intelligence (AI) are very effective in combating sophisticated attacks such as ransomware. AI is recognized as having the potential to reduce critical productivity issues, such as reducing false positives, which will allow teams to focus their time and resources on more critical cyber defense issues.

  • 53% agree that “they need more automation via AI/ML to improve security operations”
  • 82% would rather rely on AI than humans to hunt threats
  • Only 6% say they “don’t trust AI”

27% of respondents said their false positive rate had increased over the past year and 26% admitted to turning off alerts altogether because they were overwhelmed and didn’t have time to pay attention , leaving their organization with critical security vulnerabilities. Developing a better balance between “assuming a breach” and prevention to reduce false positives was cited by 47% of respondents to improve their overall security posture.

Leave a Reply