By 2025, nearly half of cybersecurity leaders will change jobs, 25 percent for different roles entirely due to multiple work-related stressors, a report from Gartner said.
“Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.”
Given these dynamics as well as the massive market opportunities for cybersecurity professionals, talent churn poses a significant threat for security teams. Compliance-centric cybersecurity programs, low executive support and subpar industry-level maturity are all indicators of an organization that does not view security risk management as critical to business success.
By 2025, lack of talent or human failure will be responsible for half of significant cyber incidents. The number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation.
A Gartner survey conducted in May and June 2022 among 1,310 employees revealed that 69 percent of employees have bypassed their organization’s cybersecurity guidance in the past 12 months. In the survey, 74 percent of employees said they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business objective.
“Friction that slows down employees and leads to insecure behavior is a significant driver of insider risk,” said Paul Furtado, VP Analyst, Gartner.
Half of medium to large enterprises will adopt formal programs to manage insider risk by 2025, up from 10 percent today. A focused insider risk management program should proactively and predictively identify behaviors that may result in the potential exfiltration of corporate assets or other damaging actions and provide corrective guidance, not punishment.