Is Stress a Driving Force Behind the Cyber Skills Shortage?

A staggering 95% of IT leaders in the UK and Ireland say stress impacts their ability to retain staff, according to new research from cybersecurity firm SenseOn. 

This alarming statistic highlights the immense pressure facing cybersecurity professionals, exacerbating an industry-wide talent shortage that shows no signs of abating.

The survey of 250 IT heads at large UK&I companies found 41% cited a lack of skilled personnel as their biggest challenge in managing cyber threats. 

Paradoxically, many are turning to new cybersecurity tools as a knee-jerk solution, rather than addressing deeper systemic issues like the cause of the stress many have recognised as a retention issue.

"Too often, organisations buy new solutions as a reaction to issues like growing threats or team stress. But they're not thinking about the long-term value or broader implications," said David Atkinson, SenseOn's CEO. 

The study found over half of firms purchased new cyber tools after the SolarWinds breach, prioritising "ease of implementation" over cost or vendor reputation.

However, implementing new technology takes around six months on average, with another six spent on training - adding to overstretched teams' burdens. 64% of respondents admitted regretting not researching solutions more thoroughly beforehand.

Cybersecurity staff shortage

This finding feeds into the overarching narrative that cybersecurity is in a staffing crisis.

Industry experts like Lewis West at Cyber recruitment firm Hamilton Barnes predicted the industry could be on brink of collapse over the issue. 

Lewis blamed an ageing workforce, with experienced professionals leaving or retiring early, and a lack of new talent entering the pipeline. 

"There's talent out there, but it's at the experienced end leaving the market. And there aren't enough specialists coming through to fill these gaps," Lewis said. "The big shortage is the mid-level; someone with 3-5 years experience is like gold dust."

SenseOn’s 2024 findings will likely not do anything to remedy the talent pool problems. 

According to Lewis, the cyber skills gap means there are "too many jobs and not enough people." 

Equally, organisations are now having to pay higher to get the short supply staff that are available. 

A 2024 Cybershark Recruitment’s Salary Survey found that salaries in 17 out of 20 categories of cyber security work increased last year. 

Higher salaries but bad economic headwinds mean budgets are tightening, and thus companies may choose to hire less to do more, adding to the stress of the staff.

Effects of understaffing

Yet cyberattacks continue rising, with ransomware a growing menace. With a reported US$1bn paid in ransom in 2023, Lewis worried many SMEs would rather pay ransoms as cheaper than proper cybersecurity investment, further exacerbating the issue of ransomware attacks.

AI has shown great promise in being able to augment many aspects of cyber security, like reducing the number of false positives so staff can focus their time on being proactive instead of constantly having to put out fires. 

But as the use of AI grows, so does the attack surface of organisations, further adding to the stress.

With the World Economic Forum warning global talent shortage of cybersecurity staff could reach 85 million workers by 2030, the impetus for action is clear. 

With burnout, lack of talent and too few of those who are, the staffing shortage in the cybersecurity sector is a reckoning that will soon need to be faced.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand