At a time when businesses across the globe are suffering the social and economic repercussions of COVID-19, many organisations are beginning to feel the pressures of a new problem: a cybersecurity crisis.
It’s no secret that in recent years the number of people entering the cybersecurity industry is not proportionate to the increasing number of cyber threats, but now the situation has grown even more severe, as many IT professionals are choosing to leave the sector.
New research has found that almost a third of the cybersecurity workforce are planning to leave their jobs in the near future, putting organisations at even greater risk of a data breach.
New statistics highlight the causes of workers leaving their professions
A comprehensive survey from cybersecurity firm Trellix has revealed that almost 30% of cybersecurity professionals are considering changing their career in the next few years. Respondents listed a host of reasons for this, including feeling unappreciated and undervalued in their role. The top three results were: 35% cited a lack of a clear career path, 31% cited lack of social recognition and 25% referenced limited support to develop their skills.
Other reasons included burnout and unsatisfactory salaries, all contributing to workers feeling the push to quit.
Lack of agreement and support from management is a main problem
Similar research from cybersecurity firm Ivanti found that technology itself was often one of the reasons that IT professionals were becoming discontented. Almost 50% of IT professional and office workers surveyed across US, UK, France, Germany, Netherlands, Japan, China, and Australia reported feeling frustrated by their company’s tech. 64% reported that technology directly impacts their morale and 42% said that they’ve spent their own money on better tech to be more productive.
Training is another key aspect that has been overlooked
The cybersecurity skills crisis isn’t a recent problem. For over ten years, firms have been noting the shortage of cybersecurity professionals, but little progress has been made to finding a solution. Many businesses are turning to cyber security consultants to help plug in expertise and help to improve risk posture.
ISSA reports that many IT professionals believe that businesses themselves aren’t offering the right level of cybersecurity training. For smaller businesses that don’t have large IT departments and top protection programs, many are reliant on the little training they do receive. 36% reported that they felt that their employers should provide a bit more training, and 29% reported that they felt their employers should provide significantly more training. With minimal training being provided and significant numbers of cybersecurity professionals leaving their jobs, the cybersecurity skills gap is expected to continue to grow.
Diversity, inclusion and equality standards are lacking across the industry
But it is not only the number of professionals that the sector needs to address. Trellix’s survey reported that more needed to be done to address diversity and inclusion in the field. Of respondents surveyed, 78% were male, 64% were white and 89% were heterosexual.
A staggering 92% of respondents said that they believe their companies should be doing more to consider employees from non-traditional cybersecurity backgrounds. Many went on to highlight that offering more to graduates, internships and students could generate the interest in cyber-security that is desperately needed.
What can businesses do?
In the UK alone 50% of all businesses have a basic cybersecurity skills gap. This means that some businesses don’t have the internal skills required to conduct essential cybersecurity measures.
There are few methods that the industry can do to close the skills gap, with the most prominent being exposure, education, training and recruitment. The importance of training has been highlighted here, but actively getting young people interested and educated about cybersecurity is most needed.
Programs, courses and bursaries will be essential to encourage young people to join the sector, and following a job offer, the cybersecurity industry will have to do what it takes to keep them there. From valuing employees to paying attractive salaries to establishing a career path. In order to safeguard the future of the cybersecurity industry, businesses will have to listen to the current climate.