Almost a third – 32% – of chief information security officers (CISOs) and decision-makers in the UK are considering quitting their current role, and a third of those think they might do so in the next six months, according to research published today by BlackFog, a supplier of anti-data exfiltration and ransomware protection services.
The Wyoming, US-based firm commissioned pollsters Sapio to explore the views of security leaders on both sides of the Atlantic amid an ongoing and intensifying shortage of cyber security talent, with vacancies going unfilled across the UK and US.
“Cyber security expertise has never been more in demand; however, these numbers highlight a serious issue with retention in the field,” said BlackFog founder and CEO Darren Williams. “Board members and the C-suite must recognise that keeping a strong team of IT security leaders is essential for their company’s safety and security.
“Recruiting is a challenge globally, and with stiff competition to attract the best talent, organisations need to address the well-being and work-life balance issues that have persisted across the industry. Organisations do not want to run the risk of having a lapse in their security posture in the wake of losing their CISO.”
The research explored some of the frustrations and challenges experienced by security pros to highlight the impact cyber incidents have on staff attrition and job security. It found that of those who had had a security leadership role in more than one organisation, 41% had either resigned or been forced out after a cyber attack or data breach.
Some of the most keenly felt challenges included difficulty keeping up to date with new security products, frameworks, models and innovations, as well as keeping the skills levels of security teams in line with the rapidly developing industry. Others felt put out by a lack of work-life balance, and a little over a quarter were frustrated by spending too much time on basic firefighting rather than strategic issues.
That said, there were some positives in the survey data, especially in how CISOs work with their boards and in the expectations organisational leadership places on its security leaders.
BlackFog and Sapio found that 75% of respondents agreed they were in “full alignment” with the board’s expectations of what they could achieve in their role, and what they were equipped and able to deliver.
Indeed, 64% said they had been able to complete their “priority tasks” in the first six months following their starting date, which may reflect increased amounts of IT spending going towards dedicated cyber security budgets.
“These results show us that while the security leaders’ role comes with huge challenges and enormous pressures, there are encouraging signs that boards are listening to their needs and there is, broadly, a strong level of alignment in terms of their expectations and leaders’ ability to deliver on these,” said Williams.
“Adapting to a fast-changing landscape is key, however, and organisations need to ensure that their security teams are given the time and resources to devote to keeping pace with the latest thinking, frameworks and innovations designed to lower their cyber risk.”