According to a new report from Gartner, by 2025, nearly 50% of cybersecurity leaders will change jobs, and 25% will move to other roles solely because of multiple job-related stressors.
Let me remind you that we also wrote that Malware developers are increasing the use of the unusual programming languages, and also that Microsoft estimated that ransomware attacks take less than 45 minutes.
Also the media noted that The number of ransomware DDoS attacks has dropped significantly.
Given these dynamics, as well as the huge market opportunities for security professionals, employee turnover is a major threat to security teams.
Gartner research shows that compliance-focused cybersecurity programs, low management support, and poor industry maturity are all signs of an organization that does not consider security risk management critical to business success. Such companies are likely to have higher turnover rates as talents move into positions where their impact is felt and appreciated.
Eliminating work stress is nearly impossible, according to Gartner experts, but employees can handle incredibly complex and stressful work in teams where they are supported.
Gartner predicts that by 2025, the lack of highly qualified specialists or human error will be the cause of more than 50% of disruptive cyber incidents. The number of cyberattacks and social engineering attacks is on the rise as attackers increasingly see humans as the most vulnerable point of exploitation.
A Gartner survey conducted in May and June 2022 of 1,310 employees found that 69% of employees violated their organization’s guidelines for cybersecurity over the past 12 months. In a survey, 74% of employees said they would be willing to bypass cybersecurity guidance if it helped them or their team achieve a business goal.
Gartner vice president of analytics Paul Furtado argues that contention, which slows down employees and leads to unsafe team behavior, is an important factor in an insider attack.
To counter this growing threat, Gartner predicts that by 2025, 50% of midsize and large businesses will implement insider attack risk management programs (compared to 10% currently).
A targeted insider attack risk management program should proactively identify behavior that could lead to potential theft of corporate assets or other malicious activities and provide corrective recommendations.
Furtado noted that cybersecurity directors should consider the risk of insider attacks when developing a cybersecurity program. Traditional cybersecurity tools have limited visibility into threats coming from within.
Reference:
Gartner is an American research and consulting company specializing in information technology markets. Considered a key researcher of IT markets.