In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere.
But people have always moved on, right? Of course they have. Staff retention rates have always been a target for most HR functions. But something is different in 2022. More people are leaving organisations quicker than they did previously. The reasons behind this are wide and varied, but one reason often quoted in reports is the drive for a better “work-life balance”.
This is a problem that all organisations now face, but in the Cybersecurity sector this is becoming an increasingly worrying issue that Boards now need to face up to.
The problem in the c-suite
Back in 2019, Nominet carried out a study on the role of the CISO and discovered a number of things, including that on average a CISO will stay in position for 26 months. We can only speculate as to what that number might now be, in 2022.
The report indicates that increased stress levels in the C-suite are a factor for a CISO to move on. They go on to indicate that poor work-life balance is an issue, as CISOs and their security teams are often expected to work longer hours than they are contracted to.
With the Pandemic, this situation has only worsened.
The Pandemic and the Great Resignation
The pandemic created a perfect storm for cybercrime as people were forced to work from home, often using old or unsecure systems and networks. Processes had to be quickly developed that would allow businesses to continue to operate and serve their clients – business survival, not business as usual, was the order of the day.
With this increased home working came the inevitable increase in phishing scams and attempts to infiltrate our networks. Cybercriminals did not take a break during the pandemic.
As stress levels continue to rise, generally, in the Board room, the fact remains that cybersecurity still isn’t fully understood by most businesses and most C-suites, and perhaps isn’t as respected as the CTO or CIO. Strategic and tactical decisions without fully understanding security or privacy issues add further issues and problems for the CISO.
When people don’t feel respected or appreciated, then undoubtedly they will begin to look elsewhere. And with organisations now offering remote roles, people aren’t restricted to their general locality any more. It would be quite possible for a CISO from Yorkshire, to support a business in London, Essex or Glasgow. The Pandemic has opened up a world of possibilities, not just for cybercriminals, but for anyone and any organisation willing to think differently about the way they work.
This opens up a world of opportunities for CISOs, and their teams, too.
The problems not only in the c-suite
Individuals across organisations are looking for improved work-life balance, and are willing to leave an organisation that doesn’t provide it. One of the reasons we’re now seeing this “Great Resignation” is because individuals have realized that they have options. The companies they worked for before, perhaps for many years, were quick to furlough them, or change the approach to home working.
Practices and processes were quickly adapted and adopted, and people were watching and taking notice.
Now, as the world returns to normal, these same people are asking very serious questions about how their company runs. And many organisations are being found wanting.
The Skills Gap
The great resignation is leading to a perception that there are skills gaps in the industry. However, I believe this is not true – there is an expectation gap, but not a skills gap. Expectations of workers coming into the industry, and expectations in the board room are wildly different. But, the differences lie in terms of expectations of task, and remuneration.
Hiring and retaining good technical staff is now both easier and harder. Easier because you can now hire someone who lives hundreds of miles away, but harder because you now need to be more inventive about how you engage with them.
Conclusion: The balance of power
To put it bluntly, organisations with household names don’t seem to have a skills shortage, as many of these companies seem exciting, and offer excellent salaries. What we do have a shortage of, is people willing to work for large, medium, or small businesses.
What has happened over the last couple of years is that the balance of power has shifted from the employer, to the employee. This is no different for the CISO, who we already know is under enormous pressure to deliver more, with less.
If this continues, then there is little wonder that we will continue to see the Great Resignation affecting the cybersecurity industry very soon indeed.
About the Author: Gary Hibberd is the ‘The Professor of Communicating Cyber’ at ConsultantsLikeUs and is a Cybersecurity and Data Protection specialist with 35 years in IT. He is a published author, regular blogger, and international speaker on everything from international security standards such as ISO27001 Dark Web to Cybercrime and CyberPsychology. He is passionate about providing pragmatic advice and guidance that helps people and businesses become more secure.
You can follow Gary on Twitter here: @AgenciGary
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.