Adarma is a Business Reporter client.
The shortage of trained cybersecurity professionals has been a persistent and well-documented challenge within the cyber industry. According to a 2021 survey*Conducted by the Information Systems Security Association (ISSA) and the Enterprise Strategy Group (ESG), a significant 76 percent of respondents reported that they face considerable or moderate challenges when it comes to recruiting and hiring security experts. Additionally, an overwhelming 95 percent believe the skills shortage has not improved in recent years, and 44 percent indicate it has gotten worse.
Competition for top cybersecurity talent is intense, and the cost of building a highly qualified security team can be high due to a shortage of experience. As a result, many security teams are often understaffed, overstretched, and may lack the knowledge necessary to navigate an increasingly complex threat landscape. Between shouldering the immense burden of safeguarding their businesses, managing threats as they arise, and finding time to innovate, it's no wonder teams are feeling burned out and stressed.
The consequences of stress in SecOps
This is not only unhealthy, it is also unsustainable and could have serious consequences for both the people and the businesses they are tasked to protect. In fact, more than half of the organizations surveyed by Adarma expressed fear that the stress and fatigue experienced by their security teams could increase the risk of a cyber incident.
Based on responses from 500 UK security operations leaders from organizations with 2,000 or more employees, Adarma investigation found that 51 percent also believed their security teams were challenged and frustrated, which could lead to errors, burnout, and higher levels of attrition. Similarly, 28 percent of respondents felt their security teams' ability to innovate and introduce new and creative solutions was limited by these factors.
While the cybersecurity industry is not the only sector struggling with elevated levels of stress, there is a clear level of concern when it comes to cyber protection and data-intensive decision making. In such roles, a high level of concentration is imperative. However, cybersecurity workdays tend to be long and exhausting.
Additionally, cybersecurity professionals are often deeply passionate and dedicated, and often take significant personal responsibility for the security status of their organization. It's this dedication that likely contributes to the high stress they experience: as one CISO commented in the report, “cybersecurity professionals are victims of their own passion.”
Knowledge gaps put organizations at risk
When asked to evaluate the capabilities of their security teams, between 42 and 45 percent of organizations believed their teams had only some, little, or no adequate experience in the following areas:
· Understand the threats faced
· Detect and respond appropriately to possible threats
· Understand and control exposure across the IT sector.
· Respond effectively to a real incident
· Measure success and report to the broader organization.
Security teams are not only short-staffed, they also lack crucial skills, meaning there are likely gaps in defense coverage.
If this problem is well recognized, why is it so difficult to close this skills gap and reduce stress among today's teams? Adarma research revealed that 60 percent of leaders see the lack of a security budget as another major barrier to recruiting and retaining qualified professionals. Nearly as many (58 percent) went further and said they also struggled to communicate the importance of security to their organization's senior management and board members, making securing budgets even more difficult. .
MSSPs can help close security expertise gaps
Fortunately, 65 percent of security operations leaders believe that hiring from a broader, more diverse talent pool could help alleviate stress, while 35 percent said they would consider using an external security provider to introduce diversity and lighten the load. A managed security services provider (MSSP) allows companies to partially outsource their security needs and quickly benefit from a diverse set of talent and experience. While outsourcing may not be a viable option for all organizations, a combined approach could prove very successful.
Investing in ways that support and care for the wellbeing and mental health of team members, such as workplace wellbeing initiatives, can help improve the experience of existing teams, improve their engagement and job satisfaction, and ultimately Ultimately, leading to better retention rates and less potential for errors.
For more information visit www.adarma.com.
Read the full report here.
About Adarma
We are Adarma, leaders in detection and response services. We specialize in designing, building and managing cybersecurity operations that provide measurable reduction in business risk. We are on a mission to make cyber resilience a reality for organizations around the world.
Our team of passionate cyber defenders work hand-in-hand with our clients to mitigate risk and maximize the value of their cybersecurity investments. Powered by the Adarma Threat Management platform and optimized for our customers' individual needs, our integrated set of services will improve your security posture and include best-in-class managed detection and response services.
We operate with transparency and visibility in today's hybrid SOC environments to protect our customers as they innovate, transform and grow their businesses. Adarma delivers the cybersecurity results you need to make a noticeable difference.
*The survey was completed between May 15 and 22, 2023.
