The last two years in the cybersecurity industry have been a roller coaster of emotions.
While there are many positives to look at—such as improved detection and reporting and increased communication between the public and private sector—we still have such a long way to go in a relatively new industry.
Working in cyber can feel so overwhelming at times that some might feel like they are in the wrong industry. The good news is that a lot of people share this feeling, so you're not alone. The bad news is that many people think about quitting, which is something we must come together to address.
Cybersecurity firm Deep Instinct released its third annual Voice of SecOps Report, which discovered "increased and unsustainable stress levels" among workers, noting that 45% of survey respondents considered quitting the cybersecurity field entirely in the last year.
If nearly half the industry is thinking about quitting, something needs to change.
Cyber stress levels reach all-time high
Deep Instinct conducted interviews with 1,000 C-suite and senior cybersecurity professionals in North America, the U.K., France, and Germany, whose organizations all have more than 1,000 employees and annual revenues above $500M.
With 45% of respondents saying they considered quitting due to stress, 46% said they knew of at least one person who did leave the industry within the last year specifically because of stress.
Ransomware was the number one contributor to stress levels, with 38% admitting their organization had paid a ransom, 46% claiming their data was still exposed by threat actors, and 44% being unable to restore their data, even after the ransom was paid.
Only 16% of respondents claimed to have no issues after paying a ransom.
The report refers to this stress-related phenomenon as "The Great Cybersecurity Resignation." It says:
"The job of defending against increasingly advanced threats on a daily and hourly basis is causing more problems than ever as nearly half of respondents (46%) felt their stress had measurably increased over the last 12 months. This was especially the case for those working within critical infrastructure. These increased stress levels have led cybersecurity professionals to consider leaving the industry altogether, joining in the 'Great Resignation,' rather than moving to a new cybersecurity role at a new employer."
The report included the top three factors contributing to CISO stress levels:
- Securing a remote workforce (52%)
- Digital transformation impacting security posture (51%)
- Ransomware threats (48%)
Unsurprisingly, it's not just the C-suite that is feeling the pressure; those working in other leadership positions also reported significant stress. The top three factors contributing to stress levels of senior cybersecurity professionals:
- Impossibility of stopping every threat (47%)
- Expectations to always be on call or available (43%)
- Insufficient SecOps staff to do the role properly (40%)
Guy Caspi, CEO and Co-Founder of Deep Instinct, shared this about stress in the industry:
"Considering that the constant waves of cyber-attacks are likely to become more common and evasive as we move forward, it's of the utmost importance to ensure that those who dedicate their careers and lives to defending our businesses and country don't become overly stressed and give up. By adopting and utilizing new defensive techniques, like artificial intelligence [AI] and deep learning [DL/ML], we can help the cybersecurity community mitigate one of the most important issues that is often overlooked by many: the people behind the keyboard."
So, how are we going to best respond to cyberattacks and increased stress levels?
The report points to the fact that there is "growing acknowledgement that AI-enabled tools are highly effective in combatting sophisticated attacks such as ransomware."
Researchers say AI has the potential to reduce critical productivity challenges, which would free up more time and resources to be spent on critical cyber defense issues.
Here are a few statistics from the report on AI:
- 53% agree that "they need greater automation through AI/ML to improve security operations"
- 82% would rather depend on AI than humans to hunt threats
- Only 6% claim they "don't trust AI"
Do you have any thoughts on the rising stress levels in cybersecurity? Do you have ideas on how to help? Add your comment below or discuss your thoughts at an upcoming SecureWorld cybersecurity conference or Remote Sessions webcast.