One of the top reasons is the growing complexity of the threat landscape
Employers should explore ways to support staff ‘before burnout and attrition occur,’ says expert
Two-thirds (66%) of cybersecurity professionals say that their roles were more stressful compared to how it was five years ago, a report by global professional association ISACA found.
“Employers should home in on the occupational stress their digital defenders are facing. This is an opportunity for employers to explore ways to support staff before burnout and attrition occur,” said ISCA Director, Professional Practices and Innovation Jon Brandt.
“Employees want to feel valued. As the leadership adage goes, take care of your people and they'll take care of you.”
So, what are the top reasons for the increased stress?
Understaffing of cybersecurity professionals
Another concern is that cybersecurity budgets and staffing are not keeping pace. More than half (51 percent) of the respondents say that cyber budgets are underfunded (up from 47 percent in 2023), and only 37 percent expect budgets will increase in the next year.
And while 57 percent of organizations say their cybersecurity teams are understaffed, hiring has slightly slowed:
- 38 percent of organizations have no open positions, compared to 35 percent last year
- 46 percent of organizations have non-entry level cybersecurity positions open, compared to 50 percent last year
- 18 percent have entry-level positions open, compared to 21 percent last year.
For the more than half of survey respondents (55 percent) that reported having difficulties retaining qualified cyber candidates.
Growing number of cyberattacks
In line with this sentiment around challenging threats, 38 percent of organizations are experiencing increased cybersecurity attacks, compared to 31 percent a year ago.
On top of that, nearly half (47 percent) expect a cyberattack on their organization in the next year, found ISCA’s survey, and only 40 percent have a high degree of confidence in their team’s ability to detect and respond to cyber threats.
“Social engineering attacks, such as phishing, are a growing concern for organizations as human error remains a major factor in data breaches," said Mike Mellor, VP of Cyber Operations at Adobe. "With the increasing frequency and sophistication of these attacks, it’s essential for organizations to adopt secure authentication methods to strengthen their defenses. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organization.”
The annual study involved 1,800 cybersecurity professionals who were asked about topics in relation to the cybersecurity workforce as well as the threat landscape.