Enterprises are struggling to fill senior cybersecurity roles — and it's causing staff burnout to skyrocket
Many senior roles take months to fill, creating cumbersome workloads for mid-level staff and increased burnout
Four-in-ten cybersecurity teams are understaffed, with senior team members particularly hard to find, according to new research.
While seven-in-ten junior cybersecurity staff positions are typically filled within six months and only 3% of roles take more than a year to fill, things are very different further up the hierarchy.
More than half of companies told Kaspersky it takes between four and nine months to find suitable candidates, and 36%, nine months or more. Only 6% of roles are filled in less than three months.
The good news, though, is that these senior InfoSec professionals tend to stay longer in their roles, with 49% remaining in top-level positions for more than five years. Junior employees have a higher turnover rate, with most staying three to four years and only 3% remaining beyond five years.
The main reasons for quitting include personal factors such as compensation issues, inadequate working conditions, and lack of management support.
However, a significant portion of professionals cited the need for continuous skills development as well as growing frustration with not having opportunities to work with the latest technologies and tools.
Overall, professional dissatisfaction is the leading cause of resignations, with lack of growth opportunities being the main reason, cited by 58%.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Burnout is still pervasive in cyber
Lack of management support and monotonous work are also significant factors, with both the main reason for leaving for around half of job-seekers. High stress levels and inflexible working policies were also factors.
Notably, the study from Kaspersky showed burnout is still rampant InfoSec professionals, who feel they're accomplishing very little in the face of monotonous work and constant monitoring of security alerts.
"To combat burnout, companies must rethink their approach to managing InfoSec teams. They need to find ways to relieve the stress faced by InfoSec professionals, provide them with tools to alleviate pressure, and offer support and feedback," the researchers said.
"Automation plays a key role in this process, significantly reducing the daily burden on professionals by handling repetitive tasks such as monitoring alerts, analyzing logs, and responding to low-level threats. This shift allows professionals to focus on more complex and rewarding tasks, enhancing job satisfaction and career growth."
Burnout is rife in the tech profession generally, with nearly three-quarters of software developers experiencing it at some point in their career, according to JetBrains’ 2023 State of the Developer Ecosystem report.
And it's particularly common in security departments. In a survey last year, CyberArk found nearly two-thirds of staff struggle to contend with growing workloads, and more than two-thirds of C-suite executives said burnout is fueled by heightened threat levels, which is affecting their ability to make critical, high-level decisions.
Kaspersky recommends that organizations should bring in reward systems and recognition programs to boost morale, along with training, evaluating staff, and providing regular feedback.
They should ensure management support, rotate employees’ roles, and manage workloads to prevent monotony and reduce stress, while also automating processes for routine tasks.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.