A recent study by cybersecurity company Kaspersky revealed that burnout in information security (InfoSec) professionals is a prevalent cause of staff turnover.
The study noted that companies are facing challenges in recruiting and retaining experienced InfoSec professionals, which is exacerbated by the cyberthreat landscape and a wide skills shortage.
The study revealed that 40 per cent of companies’ cybersecurity teams are understaffed, and experienced professionals are difficult to find, recruit and then retain, due to high demand and limited supply.
Junior InfoSec roles are generally filled within six months (70 per cent). In contrast, staffing senior roles is much more difficult, with more than half of companies (58 per cent) taking between four and nine months to find suitable candidates, and 36 per cent nine months or more. Only 6 per cent of those roles are filled in one to three months.
Senior InfoSec professionals tend to stay in roles longer, with 49 per cent remaining in top-level positions once achieved. Junior employees have a higher turnover rate, most staying three or four years, and only a small fraction (3 per cent) remaining beyond five years.
The study also examined resignation factors leading InfoSec professionals to leaving their roles. Personal dissatisfaction and lack of growth within a business were one of the main contributors (59 per cent), along with a lack of management support and monotonous workloads. High stress levels and inflexible working also contributed to a high turnover.
An important finding is that 46 per cent of experts are dissatisfied due to the lack of opportunity to work with the latest technologies and tools.
Burnout is not the result of one stressful incident; it is a state of mental, physical and emotional exhaustion driven by repeated stress, Kaspersky outlined. Professionals have reported high rates of stress and monotonous work, which are key contributors to developing burnout.
“The insidious nature of burnout is that it develops gradually, often fooling hard-working professionals into believing that living in a constant state of stress is normal and acceptable. As a result, it can be difficult for individuals to recognize and address it early on,” it said.
Kaspersky advised companies to find ways to relieve the stress faced by InfoSec professionals, provide them with tools to alleviate pressure, and offer support and feedback.
Read more here