Lacework reveals the dire impact of burnout in ANZ cybersecurity industry

Richard Davies, Area Director Australia and New Zealand at Lacework

Lacework®, the data-driven cloud security firm, released new research into burnout in the cyber security industry across ANZ. The results revealed over half (57%) of cybersecurity professionals are either looking for new employers or considering exiting the industry all together. This fuels concerns about local cyber skills shortages, with more than one quarter of respondents (27%) also saying that current resourcing is failing to meet this years’ needs.

What were the findings of Lacework’s survey?

The survey, conducted amongst Australia and New Zealand IT decision makers with a responsibility for cloud cyber security, also highlighted the need for greater toolchain consolidation and alert reduction to alleviate rising complexity and stress in the industry.

Increased stress levels driving industry burnout

Highlighting the burgeoning workload security professionals face, almost all (87%) of those considering leaving the industry cite ‘burnout from workload’ as a reason. Rising stress levels were also reported across the sector. Over half (54%) said they find cybersecurity a more challenging work environment than when they started. This is felt even more so amongst C-Suite and senior management roles, with over two-thirds (69%) saying the same.

The impacts of local businesses shifting to remote work post-pandemic has also led to greater strain on cybersecurity professionals, with more than half (57%) of respondents saying they are personally managing a remote workforce. Of those, 58% report increased stress as a result, and close to three quarters (70%) have an increased workload.

Cybersecurity struggling to retain talent long-term

Highlighting dire concerns about the industry’s ability to retain talent, the study showed that the newer a member is to cybersecurity, the more likely they are to leave. Those with less than one year of experience are more likely to leave (64%) than those with two (44%).

The Net Promoter Score (NPS) for cybersecurity was also very low at -9.4, putting the industry on par or worse off than airline and insurance sectors. Worryingly, for those in the field for two years or less, the NPS is -32, showing that those new to the industry are having a negative experience and even less likely to recommend cybersecurity as a career.

“New, talented individuals are leaving the cybersecurity industry too fast. To retain crucial talent in a tight market, more needs to be done to reduce the workload and stress on all those in the industry, and particularly newcomers. This is especially so given the rapid rate of change in the sector and mounting public pressure from recent high-profile security breaches,” said Richard Davies, Area Director Australia and New Zealand, Lacework.

Tool and alert overload driving complexity and risk

The research highlighted the need for drastic toolchain consolidation amongst local IT businesses. Cybersecurity staff across ANZ must learn and manage, on average, 12.9 different tools. Alarmingly, almost one third of ANZ cyber security professionals rate those tools as poor, and three quarters believe accuracy of tools could be improved.

This proliferation of tools, combined with a burgeoning workload, has also meant that many alerts are going unchecked. Approximately two thirds (64%) of Australia and New Zealand organisations surveyed fail to check all alerts – leaving organisations open to risk.

Davies continues: “We are seeing a proliferation of tools – but neither are helping to reduce the workload for those in the industry. Conversely, they are adding more strain. The role of automation in this context is clear – we can streamline not only the monitoring and administrative processes in cybersecurity, but also reduce the alerts and thereby reduce risk.”

For further information on Lacework, visit the Lacework website.