Skip to main content

Over a third of the global cyber security workforce plans to change professions in the future due to frustrations with the sector, fuelling a talent shortage that is impacting organisations’ abilities to effectively secure their systems, an industry survey has found.

Commissioned by extended detection and response firm Trellix, which spun out of McAfee in XXX, the survey of cyber security professionals found their top three frustrations were the lack of a clear career path (35%), the lack of societal recognition for their work (31%) and the limited support given by their employers to develop skills.

Despite an overwhelming 92% reporting cyber security “as purposeful, soulful work that motivates them”, 36% noted they feel a lack of recognition for their work, with a further 12% explicitly saying they plan to leave the profession because of this.

According to ISACA’s State of cybersecurity 2022 report, published in March, the top reasons for cyber security professionals leaving their jobs included being recruited by other companies (59%), poor financial incentives in terms of salary or bonus (48%), limited promotion and development opportunities (47%), high levels of work-related stress (45%), and lack of management support (34%).

Of those surveyed by Trellix, a further 85% believe the workforce shortage is impacting their organisations’ abilities to secure increasingly complex information systems and networks.

“Our industry is already 2.72 million people short,” said Trellix CEO Bryan Palma. “Cultivating and nurturing a cyber security workforce for our future requires expanding who we view as talent and changing our practices across the public and private sectors.

“Closing the cyber security talent gap is not only a business imperative, but important to national security and our daily lives. We need to remove barriers to entry, actively work to inspire people to do soulful work and ensure those in the field are retained.”

In attempting to expand and retain the cyber security workforce, respondents said that support for development of skills (85%) and the pursuit of certifications (80%) were “extremely important”, while 94% thought employers should be doing more for community mentoring programs through a greater presence in schools.

A large majority of respondents (91%) also believed there needs to be wider efforts to recruit people from more diverse backgrounds – of the cyber security professionals surveyed, 78% were male, 64% white and 89% heterosexual.

Respondents reported that inclusivity and equality for women (79%), diversity of the cyber security workforce (77%) and pay gaps between different demographic groups (72%) were “extremely important” factors the industry needs to address.

A further 94% of those surveyed believe their employers could be doing more to consider employees from non-traditional cyber security backgrounds, while 45% report having previously worked in other careers.

Although 80% agreed that degrees are not needed for a successful cyber security career, 79% had degrees related to IT, computer science or technology.

Separate research from VMWare found that during the pandemic, 51% of cyber security professionals have felt extremely stressed and burnt out, while pentesting-as-a-service supplier Cobalt found that more than half of cyber security professionals are contemplating leaving their job.

“With a general skills shortage across the market, any gaps in teams that maintain critical infrastructure will be felt sharply and can often take months to fill,” Ilona Simpson, chief information officer for Europe, the Middle East and Africa at Netskope, told Computer Weekly. “Teams that are understaffed tend to be overworked, which can have a negative impact on both mental health and team effectiveness.”

Leave a Reply