Today's cybersecurity professionals face "unsustainable levels of stress," according to Gartner Director Analyst Deepti Gopal. This could lead many cybersecurity professionals to pursue jobs outside the sector in the near future.
Gartner is predicting that nearly half of cybersecurity leaders will change jobs by 2025. In addition, Gartner is estimating that 25% of these leaders will leave the cybersecurity sector entirely.
Talent Churn a 'Significant Threat' for Security Teams
Gartner described talent churn as a "significant threat" for security teams, due in part to the stress that CISOs and other cybersecurity professionals face every day.
There are two possible outcomes for CISOs: their organizations "don't get hacked, or they do," Gopal indicated. As such, CISOs are constantly on the defense. This can have a psychological impact that affects CISOs' decision quality and the performance of their organizations' cybersecurity leaders and teams.
Meanwhile, Gartner indicated that organizations with compliance-centric cybersecurity programs, low executive support and inferior industry-level maturity typically do not view security risk management as critical to business success. Therefore, CISOs and other cybersecurity professionals within these organizations may struggle to get the support they need to thrive. This could drive many of these professionals to explore career opportunities outside of the cybersecurity industry — and leave their organizations in need of talent to fill their security roles.
Organizations Must Prioritize Cyber Protection
The projected talent churn among cybersecurity professionals could make it difficult for organizations to recruit and retain top security talent. Yet, there are several things that organizations can do to improve their security and help their cybersecurity professionals defend against cyberattacks and data breaches.
Gartner predicts that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025. However, organizations can teach their employees about cybersecurity so they can identify cyberattacks and data breaches before they can cause long-lasting damage.
Furthermore, Gartner estimates that half of medium to large enterprises will adopt formal programs to manage insider risk by 2025, up from 10% in 2023. Organizations can develop risk management programs to "proactively and predictively identify behaviors that may result in the potential exfiltration of corporate assets or other damaging actions," Gartner indicated.
Along with these things, organizations can partner with MSSPs and MSPs to fill the cybersecurity talent gap. MSSPs and MSPs provide security services that organizations can use to identify and address cyberattacks. Also, MSSPs and MSPs can help organizations develop cybersecurity programs and keep pace with emerging cyber threats.