Almost a third (32%) of CISOs or IT Security DMs in the UK and US are considering leaving their current organisation, according to new research from cybersecurity company BlackFog. Of those considering leaving their current role, a third of those would do so within the next six months. These findings come as demand for cybersecurity talent intensifies, with reports of hard to fill vacancies and skills shortages across UK and US organisations.
This research, which explored the frustrations and challenges faced by cybersecurity professionals also highlights the impact that cyber incidents have on turnover and job security. It revealed that of those who had been a CISO or IT security leader at a previous organization, two fifths (41%) either left, or were let go, due to an attack or data breach.
When asked about the aspect of their role that they disliked most, 30% cited the lack of work life balance, with 27% stating that too much time was spent on firefighting rather than focusing on strategic issues.
However, their role in keeping their organisation safe from cyberthreats was clearly valued, with 44% of respondents stating that the most enjoyable aspect of the job is being the company ‘protector’ and having the ability to keep everyone working securely.
Dr. Darren Williams, CEO and Founder, BlackFog says: “Cybersecurity expertise has never been more in demand; however, these numbers highlight a serious issue with retention in the field. Board members and the C-Suite must recognize that keeping a strong team of IT security leaders is essential for their company’s safety and security.
“Recruiting is a challenge globally, and with stiff competition to attract the best talent, organizations need to address the well-being and work-life balance issues that have persisted across the industry. Organisations do not want to run the risk of having a lapse in their security posture in the wake of losing their CISO.”
The struggle to keep up with new cyber security approaches
Escalating cybersecurity threats are driving new innovations to help organisations improve their cybersecurity posture, however, BlackFog’s findings show:
- More than half, 52%, admitted that they are struggling to keep up to date with new frameworks and models such as Zero Trust.
- A further 20% felt that keeping the skill levels of their teams in line with these was a ‘serious challenge’.
- 54% also felt that they weren’t able to keep up to date with information on the latest cybersecurity solutions such as anti data exfiltration.
- 43% of respondents found it difficult to keep pace with the newest innovations in the cybersecurity market. This number varied by country, with 49% of US respondents agreeing versus 36% in the UK.
Aligning with Board expectations
There were several key positives reflected in this study, especially in the realm of Board’s expectations for the respondents. BlackFog’s findings show that 3 out of 4 (75%) agree that there is a full alignment between the Board’s expectations of what they can achieve in their role and what they are equipped and able to deliver. In fact, two thirds (64%) of respondents were able to complete their priority tasks within the first six months of their starting date. This may be down to the fact that, on average, 27% of IT spending goes towards the security budget.
“These results show us that while the security leaders’ role comes with huge challenges and enormous pressures, there are encouraging signs that Boards are listening to their needs and there is, broadly, a strong level of alignment in terms of their expectations and leaders’ ability to deliver on these,” adds Dr Williams.
“Adapting to a fast-changing landscape is key, however, and organisations need to ensure that their security teams are given the time and resources to devote to keeping pace with the latest thinking, frameworks and innovations designed to lower their cyber risk.”