Some of Europe’s most senior security professionals are at risk of burnout as the cyber skills shortage intensifies amid a wave of threats.
According to a survey of more than 3,000 cyber security “decision-makers” in the UK, France and Germany, nearly two thirds of those working in the industry (63 per cent) have considered leaving it.
Half of those surveyed (48 per cent) said attackers have “unprecedented resources and support from ‘bad actors’” including cyber crime gangs and state-sponsored actors. Some 46 per cent said their teams were “too busy to keep up with the necessary skills development” while 44 per cent said they lacked the skills required to combat the threat.
The research, which was conducted by Goldsmiths University on behalf of the security giant Symantec, also revealed that the vast majority of professionals (78 per cent) have underestimated what the level of resource required to deal with threats and the same number again have been forced to rush threat assessments.
“We’re not going to be able to recruit our way out of the talent gap. A more systemic change has to take place,” said Darren Thomson, a Symantec executive. “The cyber security landscape has changed dramatically since today’s CISOs entered the industry. With thousands of threat events happening every second and the complexity of the IT estate growing exponentially, simply keeping pace is a challenge.”
“Machine augmentation is mission critical, but security leaders must ensure that these tools don’t become part of the problem. Taking steps to reduce the complexity of cyber security, use of cloud-delivered security, increased automation and smart use of managed services can all help to reduce overload and improve retention.”
Richard Brinson, who has served as interim chief information security officer (CISO) at Unilever and Sainsbury’s, said he knew of a number of CISOs who had stepped down from their roles due to stress and moved into non-operational positions such as research or consulting.
Sign up to Emerging Threats, our weekly cyber security newsletter
Given the shortage of CISOs, it’s not uncommon for positions to remain vacant for several months at a time. “Without a CISO in place, it’s difficult to move the security agenda forward, deliver against the strategy that’s been agreed and maintain the pace the board wants,” Brinson told NS Tech. “There’s a risk of stagnation and losing focus and momentum.”
In order to make the job more manageable, boards need to “provide clarity on what’s important to the business”, Brinson added. “For a lot of organisations stopping shipping goods is worse than a data breach. If the CEO and the board aren’t telling you that, you might be prioritising the wrong thing or nothing at all.”