Close to half of cybersecurity leaders are predicted to leave their jobs by 2025, and 25 percent are set to leave the industry entirely, all due to work-related stress.

A new report from Gartner highlighted that talent churn poses a “significant” threat to security teams.
Compliance-centric cybersecurity programs, low executive support and subpar industry-level maturity are all indicators of an organisation that does not view security risk management as critical to business success, according to Gartner.
Organisations of this type are likely to experience higher attrition as talent leaves for roles where their impact is felt and valued.
Deepti Gopal, director analyst at Gartner, said cybersecurity professionals are facing unsustainable levels of stress.
She said, “CISOs are on the defence, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.
“Burnout and voluntary attrition are outcomes of poor organisational culture. While eliminating stress is an unrealistic goal, people can manage incredibly challenging and stressful jobs in cultures where they’re supported.”
By 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents, according to Gartner research.
The number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation.
Paul Furtado, VP analyst at Gartner, said, “Friction that slows down employees and leads to insecure behaviour is a significant driver of insider risk.”
To confront this rising threat, Gartner predicts that half of medium to large enterprises will adopt formal programs to manage insider risk by 2025, up from 10 percent today.
A focused insider risk management program should proactively and predictively identify behaviours that may result in the potential exfiltration of corporate assets or other damaging actions and provide corrective guidance, not punishment.
Furtado added, “CISOs must increasingly consider insider risk when developing a cybersecurity program. Traditional cybersecurity tools have limited visibility into threats that come from within.”