- Security TWENTY
- Women in Security Awards
Those in the UK critical national infrastructure (CNI) sector must take steps for cyber leaders to have the right budget, skills and tech stack to build a security strategy or risk an exodus of skilled cyber security professionals. That is according to new research from UK cyber security services firm, Bridewell.
Their survey of UK cyber security decision-makers in the communications, utilities, finance, government and transport and aviation sectors, found near all, 95 per cent, are experiencing factors that would make them likely to leave their role in the next 12 months. Some four in ten (42pc) feel a breach is inevitable and do not want to tarnish their career, while 40pc say they are experiencing stress and burnout which is affecting their personal life.
The prospect of people leaving jobs is particularly problematic for CNI the firm suggests when the threat of attacks remains high. Over two thirds of UK CNI cyber leaders say that the volume of threats and successful attacks has increased over the past year and a majority, 69pc say it is harder to detect and respond to threats.
Fears of staff leaving are also compounded by the cyber skills shortage, as a majority, 68pc say it has become harder to recruit the right resources to secure and monitor systems over the past year. Four in ten say they don’t have the skills to monitor security threats in the cloud, 31pc don’t have the right skills needed to run a modern security operations centre and 28pc believe the don’t have the right skills to secure a remote environment.
Martin Riley, Director of Managed Security Services at Bridewell, says: “Talent is now the biggest constraint in cyber security and organisations simply cannot afford to lose staff. Security leaders need the right authority, budget and technology stack to build out and implement an effective threat-led cyber security strategy and should lean on external consultants where necessary to plug any gaps quickly and help lighten the load on the team. Companies that can demonstrate they are investing in staff wellbeing, support and development can inspire a real change of heart in those that may be looking to leave.”
A range of factors are contributing to the increased pressure and burn-out felt by IT teams, the survey suggests, including the growth in cyber attacks, increased complexity of cyber security compliance, greater inter-connectivity of systems, and the constant need to understand new technologies and deliver expanding cyber assurance.
Reasons for leaving vary based on level of seniority; those at C-Level say they are more likely to fear tarnishing their career with a cyber attack, while those at director level report higher levels of stress and burnout. Meanwhile, heads of department are more likely to jump ship due to unrealistic expectation, whereas managers are more driven by pay.
More in the August print edition of Professional Security magazine.