CISOs Consider Quitting Industry Over Surging Stress
IT security leaders across Europe are considering quitting their job over the stress they’re suffering due to mounting threats, compliance pressures and growing complexity, according to Symantec.
The security giant teamed up with research consultancy Thread and Chris Brauer of Goldsmiths, University of London, to compile its High Alert study, based on interviews with 3000 security decision makers in the UK, Germany and France.
Some 82% claimed they felt burned out, with nearly two-thirds saying they’re thinking about leaving their job (64%) or quitting the industry altogether (63%).
Regulations like the GDPR and NIS Directive are the number one source of stress (86%), with two-fifths (40%) concerned that they would be held responsible in the event of a breach. Skills shortages (80%), the size and complexity of the IT environment (82%) and the growing volume of threats (82%) also ranked high.
Brauer, who is director of innovation at the London university, argued that stress can have a serious impact on decision making.
“It impairs your memory, disrupts rational thinking and negatively impacts every cognitive function you have. In an industry like cybersecurity, which requires focus, creative thinking, attention to detail and rational decisions in high pressure scenarios, stress can be crippling,” he added.
“Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already suffering a skills shortage, this kind of stress can present a significant risk.”
Tool bloat appears to be another major cause of this stress. Over three-quarters (79%) of respondents claimed that “too many products/vendors” is the cause of growing pressure at work, while 68% said they felt “paralyzed” by the huge volume of threat alerts deluging the department.
“The current patchwork approach to security tooling and strategy is creating more problems than it solves,” argued Symantec EMEA CTO, Darren Thomson. “There’s so much daily noise that it’s near impossible to work out what might be a false positive and what might be a sign of a stealthy targeted attack. Meanwhile the overlaps and gaps between defensive systems present hackers with new opportunities for exploitation.”
Source: Information Security Magazine