advertisement
Burnout Burdens: Retain Your InfoSec Team
Burnout among information security (InfoSec) professionals is a prevalent cause of staff turnover, as highlighted by a recent Kaspersky study that included participants from the META region (Saudi Arabia, UAE, Turkiye, South Africa, Nigeria and Egypt). The growing complexity of the cyber threat landscape and the persistent skills shortage exacerbate this issue. Companies face significant challenges in recruiting and retaining experienced InfoSec professionals, primarily due to compensation issues, inadequate working conditions, lack of management support, and frustration over limited access to the latest technologies and tools.
The study reveals that 40 per cent of companies’ cybersecurity teams are understaffed. Despite finding adequately qualified professionals, retention remains difficult, particularly for mid- to senior-level positions. Experienced professionals are challenging to find, recruit, and retain due to high demand and limited supply.
Recruitment Challenges And Timeframes
The demand for experienced cybersecurity experts far outpaces the supply, leading to prolonged recruitment periods and high turnover rates. Junior cybersecurity staff positions are typically filled within six months (70 per cent), while only 3 per cent of roles take more than a year to fill. In contrast, staffing senior positions is much harder, with more than half of companies (58 per cent) taking between four and nine months to find suitable candidates, and 36 per cent, nine months or more. Only 6 per cent of roles are filled in one to three months.
advertisement
Tenure Correlated With Expertise
There is a strong correlation between the level of expertise and tenure. Senior InfoSec professionals tend to stay longer in their roles, with 49 per cent remaining in top-level positions once achieved. Conversely, junior employees have a higher turnover rate, with most staying three to four years and only a small fraction (3 per cent) remaining beyond five years. Key factors contributing to InfoSec professionals leaving their positions include personal (human) reasons such as compensation issues, inadequate working conditions, and lack of management support. On the expert level, professionals often cite the need for continuous skills development and frustration with not having opportunities to work with the latest technologies and tools.
Professional dissatisfaction is the leading cause of resignations, with lack of growth opportunities being the primary reason (59 per cent). Lack of management support and monotonous work are also significant factors, causing 50 per cent and 49 per cent of professionals to leave, respectively. High-stress levels and inflexible working policies further contribute to turnover. One important finding is that 46 per cent of experts are dissatisfied due to the lack of opportunity to work with the latest technologies and tools. This is a fairly high percentage, and in many ways, depends on how the company builds its cybersecurity systems: does it pay attention to employee development? Does it allocate money for various processes, or interact with the market and other experts, etc.?
The Burnout Factor
Burnout is a critical issue among InfoSec professionals and is closely tied to the way a company builds its cybersecurity systems. It is not just the result of one stressful incident or working long hours. Rather, burnout is a state of physical, emotional, and mental exhaustion, driven by repeated stress. Individuals experiencing burnout often feel that nothing is functioning properly and that they are accomplishing very little. This chronic stress, driven by a combination of monotonous work and constant monitoring of security alerts, can lead to a severe state where individuals can no longer function effectively on a personal or professional level.
advertisement
The insidious nature of burnout is that it develops gradually, often fooling hard-working professionals into believing that living in a constant state of stress is normal and acceptable. As a result, it can be difficult for individuals to recognise and address it early on.
To combat burnout, companies must rethink their approach to managing InfoSec teams. They need to find ways to relieve the stress faced by InfoSec professionals, provide them with tools to alleviate pressure and offer support and feedback. Automation plays a key role in this process, significantly reducing the daily burden on professionals by handling repetitive tasks such as monitoring alerts, analysing logs, and responding to low-level threats. This shift allows professionals to focus on more complex and rewarding tasks, enhancing job satisfaction and career growth.