New research from Vectra AI shows 94 percent of IT security leaders have felt increased pressure to keep their company safe from cyberattacks in the past year, while half say they feel burned out and ready to quit.
The survey of 200 UK IT security decision-makers finds 51 percent of respondents have experienced negative emotions such as depression, anger, or anxiety due to feeling overwhelmed by work.
In addition 56 percent have had sleepless nights worrying about work and 42 percent have dreaded going into work and have called in sick because they couldn’t face it.
Steve Cottrell, EMEA CTO at Vectra AI says, “These stats should be a wake-up call. Security teams and their leaders need support to shift away from the constant cycle of over-working and anxiety. Security leaders shouldn’t always be the ones to feel the blame when something goes wrong. In most cases, CISOs will have requested budget, assets, and changes that weren’t signed off — so they must be ready to remind the board that security is a shared responsibility. After all, we are all on the same team. With an improved focus on workforce wellbeing, increased investment, better training, and the right tooling, we can start turning the tide.”
Part of the problem is down to skills shortages. 67 percent of respondents say they don’t have enough talent on their team, with almost one-in-five (17 percent) saying it feels like each person is doing the workload of three. The results also show an environment where security leaders are working more hours than ever but still cannot cover their workload, leaving them in constant fire-fighting mode.
Lack of visibility is also a contributing factor, with 92 percent saying they’ve been worried about their ability to spot legitimate threats amid a growing volume of security alerts. There are also concerns that cloud adoption is adding to IT complexity and mounting cyber risk.
“Often anxiety comes when we are facing a problem, we don’t have clarity on,” adds Cottrell. “That’s life in security, where environments are complex, and attackers frequently change their approach. Today, every aspect of the enterprise — physical and virtual — is under attack; down to the very code we build with, as seen with Log4j. This is where having a threat-led approach to security can be useful. By having a view of the top threats that are likely to impact your business, you can prioritize investments that will help build resiliency to those specific risks, allowing you to prevent, detect, respond and recover in a more effective way. Also, by investing in automation, you can lead a cultural change where everyone is a security professional, helping to spread the load.”
The full report is available on the Vectra site.