Dire impact of burnout in ANZ cyber security industry
More than half (57%) of local cybersecurity professionals are either looking for new employers or considering exiting the industry all together, according to new research.
Data-driven cloud security company Lacework has released the findings of new research into burnout in the cyber security industry across Australia and New Zealand.
The results fuel concerns about local cyber skills shortages, with more than one quarter of respondents (27%) also saying that current resourcing is failing to meet this years' needs.
The survey, conducted amongst ANZ IT decision makers with a responsibility for cloud cyber security, also highlighted the need for greater toolchain consolidation and alert reduction to alleviate rising complexity and stress in the industry.
Increased stress levels driving industry burnout
Highlighting the burgeoning workload local security professionals face, almost all (87%) of those considering leaving the industry cite 'burnout from workload' as a reason. Rising stress levels were also reported across the sector. More than half (54%) of respondents said they now find cybersecurity a more challenging work environment than when they started. This is felt even more so amongst C-Suite and senior management roles, with more than two-thirds (69%) saying the same.
The impacts of local businesses shifting to remote work post-pandemic has also led to greater strain on cybersecurity professionals, with more than half (57%) saying they are personally managing a remote workforce. Of those, 58 percent report increased stress as a result, and close to three quarters (70%) have an increased workload.
Cybersecurity struggling to retain talent long-term
Highlighting dire concerns about the industry's ability to retain talent, the survey showed that the newer a staff member is to cybersecurity, the more likely they are to leave. Those with less than one year of experience are more likely to leave (64 percent) than those with one to two years experience (44%).
The Net Promoter Score (NPS) for cybersecurity was also very low at -9.4, putting the industry on par or worse off than airline and insurance sectors. Worryingly, for those in the field for two years or less, the NPS is -32, showing that those new to the industry are having a negative experience and even less likely to recommend cybersecurity as a career.
"New, talented individuals are leaving the cybersecurity industry too fast. To retain crucial talent in a tight market, more needs to be done to reduce the workload and stress on all those in the industry, and particularly newcomers," says Richard Davies, Area Director Australia and New Zealand, Lacework.
"This is especially so given the rapid rate of change in the sector and mounting public pressure from recent high-profile security breaches," he says.
Tool and alert overload driving complexity and risk
The research highlighted the need for drastic toolchain consolidation amongst local IT businesses. Cybersecurity staff across ANZ must learn and manage, on average, 12.9 different tools. Alarmingly, almost one third of ANZ cyber security professionals rate those tools as poor, and three quarters believe accuracy of tools could be improved.
This proliferation of tools, combined with a burgeoning workload, has also meant that many alerts are going unchecked. Approximately two thirds (64%) of ANZ organisations fail to check all alerts – leaving organisations open to risk.
"We are seeing a proliferation of cybersecurity tools and alerts – but neither are helping to reduce the workload for those in the industry," says Davies.
"Conversely, they are adding more strain. The role of automation in this context is clear – we can streamline not only the monitoring and administrative processes in cybersecurity, but also reduce the alerts and thereby reduce risk."