Protecting the protectors: combating stress in the cyber-security industry

Adarma is a Business Reporter client.

The shortage of skilled cyber-security professionals has been a persistent and well-documented challenge within the cyber industry. According to a 2021 survey* conducted by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), a significant 76 per cent of respondents reported facing considerable or moderate challenges when it comes to recruiting and hiring security experts. Moreover, an overwhelming 95 per cent believe that the skills shortage has not seen any improvement in recent years, with 44 per cent indicating that it has worsened.

The competition for top cybersecurity talent is intense and the cost of standing up a highly skilled security team can be high due to the scarcity of expertise. As a result, many security teams are often understaffed, stretched and may be lacking the knowledge required to navigate an increasingly complex threat landscape. Between shouldering the immense burden of safeguarding their companies, handling threats as they emerge and finding time to innovate, it’s no wonder teams are feeling burned out and stressed.

Not only is this unhealthy, it’s also unsustainable and could have severe consequences for both individuals and the businesses they are entrusted to protect. In fact, more than half of the organisations surveyed by Adarma expressed apprehension that the stress and fatigue experienced in their security teams could increase the risk of a cyber-incident.

Based on the responses of 500 UK security operations leaders from organisations with 2,000 employees or more, Adarma’s research found that 51 per cent also believed their security teams were challenged and frustrated, which could lead to mistakes, burnout and increased levels of quitting. Similarly, 28 per cent of the respondents felt their security teams’ capacity to innovate and introduce fresh, creative solutions was constrained by these factors.

While the cyber-security industry is not the only sector struggling with elevated stress levels, there is a distinct level of concern when it comes to cyber-protection and data-intensive decision-making. In such roles, a high level of focus is imperative. However, cyber-security workdays tend to be long and fatiguing.

Furthermore, cyber-security professionals are generally deeply passionate and dedicated, often assuming significant personal responsibility for their organisation’s security status. It is this dedication that likely contributes to the elevated stress they experience: as one CISO commented in the report, “cyber-security professionals are victims of their own passion”.

When asked to evaluate the capabilities of their security teams, 42 to 45 per cent of organisations believed that their teams had only some, little or no appropriate expertise in the following areas:

·         To understand the threats being faced

·         To detect and respond to potential threats appropriately

·         To understand and control exposure across the IT estate

·         To respond effectively to an actual incident

·         To measure success and report to the wider organisation

Not only are security teams short-staffed, they are also short on crucial skills, meaning there are likely gaps in defence coverage.

If this problem is well recognised, why is closing this skills gap and reducing stress among current teams so challenging? Adarma’s research revealed that 60 per cent of leaders see the lack of a security budget as another significant barrier to recruiting and retaining skilled professionals. Almost as many – 58 per cent – went further, saying they also struggled to communicate the importance of security to their organisation’s C-suite and board members, which made securing budgets even harder.

Fortunately, 65 per cent of security operations leaders believe recruiting from a broader, more diverse talent pool could help alleviate stress, while 35 per cent said they would consider using a third-party security provider to introduce diversity and lighten the load. A managed security service provider (MSSP) enables enterprises to partially outsource their security needs and quickly benefit from a diverse set of talents and expertise. While outsourcing may not be a feasible option for all organisations, a blended approach could prove to be highly successful.

Investing in ways that support and take care of team members’ welfare and mental health, such as workplace wellbeing initiatives, can help enhance the experience of existing teams, improve their engagement and job satisfaction, and ultimately lead to better retention rates and reduced potential for errors.

For more information, visit www.adarma.com.

Read the full report here.

About Adarma

We are Adarma, leaders in detection and response services. We specialise in designing, building and managing cyber-security operations that deliver a measurable reduction in business risk. We are on a mission to make cyber-resilience a reality for organisations around the world.

Our team of passionate cyber-defenders work hand in hand with our customers to mitigate risk and maximise the value of their cyber-security investments. Powered by the Adarma Threat Management Platform and optimised to our customers’ individual needs, our integrated set of services will improve your security posture and include best-in-class managed detection and response services.

We operate with transparency and visibility across today’s hybrid-SOC environments to protect our customers as they innovate, transform and grow their businesses. Adarma delivers the cyber-security outcomes you need to make a remarkable difference.

*The survey was completed between 15 and 22 May 2023.