UK critical national infrastructure (CNI) organizations could face an exodus of cybersecurity leaders over the next 12 months due to stress and burnout, according to new research from Bridewell Consulting.
The survey of 521 UK cybersecurity decision-makers in communications, utilities, finance, government, transport and aviation found that 95% of respondents are experiencing factors that would make them likely to leave their role in the next 12 months. In addition, more than two in five (42%) believe a breach at their organization is inevitable and do not want it to tarnish their career, while 40% said they are experiencing stress and burnout, which is affecting their personal life.
Stress and burnout are caused by a range of factors, according to the report. These include growing cyber-attacks, increased complexity of cybersecurity compliance, greater interconnectivity of systems and the constant need to understand new technologies and deliver expanding cyber assurance activities.
The report found that reasons for leaving roles varied depending on the level of seniority. Those at C-Level were particularly concerned about a successful cyber-attack tarnishing their career, while those at director level reported higher levels of stress and burnout. Heads of department reported unrealistic expectations being the most likely reason for them to leave, while pay was the most important factor for managers.
The figures come amid surging attacks facing CNI organizations. Over two-thirds of UK CNI cybersecurity leaders experienced an increase in the volume of threats and successful attacks over the past year, with 69% finding it harder to detect and respond to threats.
More than seven in 10 CNI organizations have also observed a rise in cyber-attacks since the start of the Russian invasion of Ukraine.
Additionally, over two-thirds (68%) of respondents also stated it has become harder to recruit the right resources to secure and monitor systems over the past year, compounding the issue. Around one in three (31%) believe they do not have the skills to run a modern security operations center and 28% to secure a remote environment.
Martin Riley, director of managed security services at Bridewell, commented: “Talent is now the biggest constraint in cybersecurity and organizations simply cannot afford to lose staff. Security leaders need the right authority, budget and technology stack to build out and implement an effective threat-led cybersecurity strategy and should lean on external consultants where necessary to plug any gaps quickly and help lighten the load on the team. Companies that can demonstrate they are investing in staff wellbeing, support and development can inspire a real change of heart in those that may be looking to leave.”
Scott Nicholson, CEO at Bridewell, added: “We’re seeing a consistent noise around the skills, employee retention and burnout cycle in the industry. While we’re seeing some uptake, the biggest trick organizations are missing when it comes to narrowing the cyber skills gap is not taking on people from other disciplines. This is only fuelling the situation and means companies could be missing out on great candidates with transferable skills.”