A Gartner report has identified the factors that will affect the decline in the number of qualified employees.
“Cybersecurity professionals face an unacceptable level of stress,” said Deepti Gopal, chief analyst at Gartner. “CEOs in information security are constantly on the defensive with the only possible outcome – either their company gets hacked or it doesn’t. The psychological impact of this directly affects the quality of decisions and the effectiveness of cybersecurity leaders and their teams.”
Given these dynamics, as well as the huge market opportunities for security professionals, employee turnover is a major threat to security teams. Gartner research shows that compliance-focused cybersecurity programs, low management support, and poor industry maturity are all signs of an organization that does not consider security risk management critical to business success. Such companies are likely to have higher turnover rates as talent moves into positions where their impact is felt and appreciated.
Eliminating work stress is nearly impossible, according to Gartner experts, but employees can handle incredibly complex and stressful work in teams where they are supported.
People are the main cause of cyber incidents
Gartner predicts that by 2025, the lack of highly qualified specialists or human error will be the cause of more than 50% of disruptive cyber incidents. The number of cyberattacks and social engineering attacks is on the rise as attackers increasingly see humans as the most vulnerable point of exploitation.
A May and June 2022 Gartner survey of 1,310 employees found that 69% of employees had violated their organization's cybersecurity guidelines in the past 12 months. In a survey, 74% of employees said they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business goal.
Gartner vice president of analytics Paul Furtado argues that contention, which slows down employees and leads to unsafe team behavior, is an important factor in an insider attack.
To counter this growing threat, Gartner predicts that by 2025, 50% of midsize and large businesses will implement insider attack risk management programs (compared to 10% currently). A targeted insider attack risk management program should proactively identify behavior that could lead to potential theft of corporate assets or other malicious activities and provide corrective recommendations.
Furtado noted that cybersecurity directors should consider the risk of insider attacks when developing a cybersecurity program. Traditional cybersecurity tools have limited visibility into threats coming from within.
Gartner is an American research and consulting company specializing in information technology markets. It is considered a key researcher of IT markets.