Nearly half of cybersecurity leaders to switch jobs over mounting stress: Gartner

Nearly half of cybersecurity leaders may switch jobs, and around 25% may choose entirely different roles due to multiple work-related stressors, market research firm Gartner said in a new report published on Thursday.

“Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst at Gartner. “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.” 

Given these dynamics as well as the massive market opportunities for cybersecurity professionals, talent churn poses a significant threat for security teams, said Gartner.

For example, compliance-centric cybersecurity programs, low executive support and subpar industry-level maturity are all indicators of an organisation that does not view security risk management as critical to business success. 

"Organisations of this type are likely to experience higher attrition as talent leaves for roles where their impact is felt and valued," said Gartner researchers.

Gartner further predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. The number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation. 

An earlier study conducted by the analyst firm in May and June 2022 among 1,310 employees noted that 69% of employees have bypassed their organisation’s cybersecurity guidance in the past 12 months. In the survey, 74% of employees said that they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business objective. 

To confront these rising threats, Gartner predicts that half of medium to large enterprises will adopt formal programs to manage insider risk by 2025, up from 10% at present. The recent report added that focused insider risk management programmes should proactively identify behaviours that may help companies take the "right actions and provide corrective guidance, not punishment". 

Not only Gartner, another report by IBM Security  published on 3 October, 2022 stressed that over three-fourths or 77% of cybersecurity incident responders in India experience extreme or considerable mental strain as a result of responding to a major cybersecurity incident, including insomnia, burnout and impact on social life or relationships. 

The study noted that high-demand cybersecurity job often has a negative effect on mental health on cybersecurity professionals who provide the first line of defense after an attack is suspected or has been detected. 

“Burnout and voluntary attrition are outcomes of poor organisational culture. While eliminating stress is an unrealistic goal, people can manage incredibly challenging and stressful jobs in cultures where they’re supported," said Gopal.