Nearly half (45%) of cybersecurity professionals have considered quitting the industry due to stress, with the primary issues being an unrelenting threat from ransomware and the expectations to always be on call or available, according to a new report.
The Voice of SecOps Report, the third annual study from cybersecurity company, Deep Instinct, analyzed feedback from 1,000 C-suite and senior cybersecurity professionals in North America, the U.K., France, and Germany. These professionals work for businesses with more than 1,000 employees and revenue north of $500M annually.
Respondents were found in seven core verticals: financial services, retail and ecommerce, healthcare, manufacturing, public sector, critical infrastructure, and technology.
The Great Cybersecurity Resignation
The job of defending against increasingly advanced threats on a daily and hourly basis is causing more problems than ever, as nearly half of respondents (46%) felt their stress had measurably increased over the last 12 months. This was especially the case for those working within critical infrastructure. These increased stress levels have led cybersecurity professionals to consider leaving the industry altogether, joining in the “Great Resignation,” rather than moving to a new cybersecurity role at a new employer.
- 45% admit to considering quitting the industry on at least one or two occasions
- 46% know at least one person who left cybersecurity altogether in the past year due to stress
Who’s Stressed and Why?
Stress is not only felt by SOC teams and others on the cyber frontlines, but also among those in the C-Suite who are making the difficult decisions on how to use their available resources more efficiently.
Top 3 Factors Contributing to CISO Stress Levels
- Securing a remote workforce (52%)
- Digital transformation impacting security posture (51%)
- Ransomware threats (48%)
Top 3 Stress Factors for Senior Cybersecurity Professionals
- It’s impossible to stop every threat (47%)
- Expectations to always be on call or available (43%)
- Insufficient SecOps staff to do the role properly (40%)
Biggest Stress Culprit: Ransomware
Nearly half (45%) of respondents said that ransomware was the biggest concern of their company’s C-Suite. The survey found that more than one-third (38%) of respondents admitted to paying up in order to receive the encryption key primarily to avoid downtime (61%) or bad publicity (53%). However, paying the ransom did not guarantee a resolution post-attack in many cases.
Of those reporting that a payment was made:
- 46% claimed to still have their data exposed by the hackers
- 44% couldn’t restore all their data
- Only 16% claimed to have no further issues to date
In response to these issues with ransomware payment, 73% of respondents claimed they would not pay a ransom in the future.
Among those who claimed they would still pay a ransomware demand in the future, widespread fear remained that they would be trouble-free in the future.
The fear of paying a ransom in the future included the following:
- 75% do not expect to have all their data restored
- 54% fear the criminals will still make the exfiltration of data public knowledge
- 52% fear the attackers will have installed a back door and will return
“Considering that the constant waves of cyberattacks are likely to become more common and evasive as we move forward, it’s of the utmost importance to ensure that those who dedicate their careers and lives to defending our businesses and country don’t become overly stressed and give up,” said Guy Caspi, CEO and Co-Founder of Deep Instinct.
“By adopting and utilizing new defensive techniques, like artificial intelligence and deep learning, we can help the cybersecurity community mitigate one of the most important issues that is often overlooked by many: the people behind the keyboard.”
Is AI the New “Stress Ball”?
There is growing acknowledgement that artificial intelligence (AI)-enabled tools are highly effective in combatting sophisticated attacks such as ransomware. AI is recognized as having the potential to reduce critical productivity challenges like reducing false positives that will allow teams to focus their time and resources on more critical cyber defense issues.
- 53% agree that “they need greater automation through AI/ML to improve security operations”
- 82% would rather depend on AI than humans to hunt threats
- Only 6% claim they “don’t trust AI”
More than a quarter (27%) of respondents claimed their false positive rate has increased over the past year, and another quarter (26%) admitted to turning off alerts altogether because they’re overwhelmed and don’t have the time to pay attention to them—leaving their organization with critical security vulnerabilities.
Developing a better balance between “assume breach” and prevention to reduce false positives was cited by 47% of the respondents to improve their overall security posture.
The full report is available here.