CNI Organisations Must Lighten Load on Cyber Teams or Risk Mass Exodus of Workforce

Published 31 October 2022

4 in 10 cyber leaders in UK CNI say stress and burnout could push them to leave their job in the next year

Reading, UK – 28 June 2022 – UK critical national infrastructure (CNI) organisations must take steps to ensure cyber leaders have the right budget, skills and tech stack to build out and implement an effective cyber security strategy or risk an exodus of skilled cyber security professionals, according to new research from UK cyber security services firm, Bridewell. The cyber security company is calling on business leaders to do more to improve wellbeing among security teams this World Wellbeing Week amid rising threats and growing skills gap.

The research, which surveyed 521 cyber security decision makers in the communications, utilities, finance, government and transport and aviation sectors, reveals 95% of cyber security decision-makers are experiencing factors that would make them likely to leave their role in the next 12 months. 42% feel a breach is inevitable and do not want to tarnish their career, while 40% say they are experiencing stress and burnout which is impacting their personal life.

The prospect of people leaving jobs is particularly problematic for CNI organisations at a time when the threat of attacks remains high. Over two thirds of UK CNI cyber leaders say that the volume of threats and successful attacks has increased over the past year and 69% say it is harder to detect and respond to threats.

Fears of staff leaving are also compounded by the ongoing skills shortage in the sector with 68% saying it has become harder to recruit the right resources to secure and monitor systems over the past year. Four in ten say they currently don’t have the skills to monitor security threats in the cloud, 31% don’t have the right skills needed to run a modern security operations centre (31%) and 28% believe the don’t have the right skills to secure a remote environment.

Martin Riley, Director of Managed Security Services at Bridewell, comments: “Talent is now the biggest constraint in cyber security and organisations simply cannot afford to lose staff. Security leaders need the right authority, budget and technology stack to build out and implement an effective threat-led cyber security strategy and should lean on external consultants where necessary to plug any gaps quickly and help lighten the load on the team. Companies that can demonstrate they are investing in staff wellbeing, support and development can inspire a real change of heart in those that may be looking to leave.”

A range of factors are contributing to the increased pressure and burnout felt by IT teams, including the growing number of cyber attacks, increased complexity of cyber security compliance, greater interconnectivity of systems, and the constant need to understand new technologies and deliver expanding cyber assurance activities.

Reasons for leaving vary based on level of seniority with those at C-Level more likely to fear tarnishing their career with a cyber attack, while those at Director level report higher levels of stress and burnout. Meanwhile, heads of department are more likely to jump ship due to unrealistic expectation, whereas managers are more driven by pay.

Recent research from the Department for Digital, Culture Media & Sport reveals approximately 697,000 UK businesses (51%) have a basic skills gap. Bridewell is supporting the government’s “Upskill in Cyber programme” which aims to identify and rapidly reskill individuals for roles in cyber security in just ten weeks. Launching on 4 July, students will undertake two SANS training courses and receive soft skills development to ensure they are immediately deployable within the cyber security workforce.

Scott Nicholson, CEO at Bridwell adds: “We’re seeing an endless skills, transformation and burnout cycle in the industry. The biggest trick organisations are missing when it comes to narrowing the cyber skills gap is not taking on people from other disciplines. This is only fuelling the situation and means companies could be missing out on great candidates with transferable skills.”

To learn more, read the full ‘Cyber Security in UK Critical National Infrastructure 2022’ report.