The Great Resignation
Its impact on cybersecurity
The Labor Department saw 4.5 million people voluntarily quit their jobs back in November 2021, and what has been called the Great Resignation is still ongoing in 2022.
There are senior leaders and mid-level managers leaving their jobs for less stressful ones and fully remote work opportunities.
When it comes to cybersecurity leaders leaving their jobs, it becomes quite problematic due to the inability to replace experienced security personnel with someone who has little or no experience without immediately upping your company’s risk of breach and overall insecurity.
It is true, every sector in a company requires experienced personnel. However, security teams need people who know their way around all types of cyber threats. This means knowing past, present, and yet to come cyber risks and challenges.
Learning the ins and outs on the job is not something favorable if you want to stay in business. There is the need for leadership that is quick and effective in thinking and action when breach or ransomware strike. The more time is spent for incident response teams to figure things out, the more money and data a company loses.
So far, the Great Resignation is affecting junior level cybersecurity positions, early retirements at bigger companies and some serial-CISOs going the virtual-consulting route. However, this still requires attention because burnt-out CISOs, alongside pandemic-induced resignations and exhaustion from the ransomware and supply chain security crises that erupted throughout 2021 are not positives in any way shape or form to a company’s cybersecurity and ability to be cyber resilient.
A recent Tessian survey found that 71% of decision makers in the United States and United Kingdom find the Great Resignation has increased security risks at their companies. This comes because of data exfiltration incidents and the length of time before permissions are completely removed.
- As stated in an article that reviewed the survey in-depth: “The backlog of deprovisioning tasks is growing, which means a longer delay between an employee’s end of service and the removal of their access rights.”
Since employees are leaving in not such an amicable way, there’s even further concern for data security.
When we take a closer look at the CISO’s role and responsibilities, at the time it takes for them to do their job well, and at the lack of support in budget, team, and being heard by the board, by the executives, there is no question why burnout and termination of work is happening.
The Great Resignation is happening in all industries for similar reasons: the importance of time, of life, of value, of being respected and given the means to do one’s job well, while living life. For the CISOs and any IT security personnel it goes even further due to the extent that cyber risks cause them to have to work. It is not a go home and done job, or a patch this vulnerability and we’re safe forever. No.
Cybersecurity is a 24/7 job even with automation, which keeps eyes out for when a person needs to rest, that is still not enough to keep a company safe or take off the stress that a CISO goes through to try and manage cyber resilience for a company.
The hours, the pay, the lack of expertise and voice, year-after-year, plus a pandemic that pretty much made everyone in the world aware of how little time life can be, has increased the risk of an underappreciated, understaffed, and unheard employee to leave.
The risks are high and the remediation of that begins with acknowledging the hard work of cybersecurity professionals, their emotional and mental needs as people, and their company budget and team needs, plus training, and external support.
Let’s talk if you want to get ahead of these challenges. Let’s make the work environment better and your cybersecurity.
Schedule your free consultation here: https://calendly.com/ncxgroup