NEW DELHI : The post-covid increase in cyberattacks has been a source of concern for cybersecurity professionals in India, forcing many to switch jobs and pursue new roles with 49% expressing their intent to move jobs, while around 25% intending to choose entirely different roles, according to a report by market research firm Gartner, published last week.
“Cybersecurity professionals face unsustainable levels of stress,” Deepti Gopal, director analyst, Gartner, said. “CISOs (chief information security officers) are on the defensive, with the only possible outcomes that they do not get hacked or they do. The psychological impact of this directly affects decision quality and performance of cybersecurity leaders and their teams,” she said.
A report by IBM Security in October found 77% of cybersecurity incident responders in India experiencing extreme or considerable mental strain as a result of responding to a major cybersecurity incident.
They not only suffer from insomnia and burnout but it also impacts their social lives and relationships. “Many times, security policies and procedures are ambiguous and there is inadequate training,” said Suresh A Shan, cybersecurity expert, and head-innovation & technology, Mahindra Finance.
“Often security personnel complete an activity thinking they are operating within the scope of their job responsibilities, but find out later that they are being held accountable for a situation that they were not trained to handle or where they had no control over the outcome, adding to the stress,” he added.
Security Operations Centre professionals are among the most stressed and exhausted, said Prateek Bhajanka, APJ Field CISO at cybersecurity company, SentinelOne. The always-on culture and overwhelming number of alerts coming from digital surfaces across the organization are extremely challenging, he added. Besides, their “demands are not met as security is still not perceived as a boardroom issue by several companies”, Bhajanka said.
“Burnout and voluntary attrition are outcomes of poor organizational culture,” said Gopal.
“Eliminating stress may be an unrealistic goal, but people can manage incredibly challenging and stressful jobs in cultures where they’re supported,” he added.
Kumkum Jagadish, a Mumbai-based psychologist, said firms must emphasize workplace culture. “Communication must be a two-way street. People must take occasional breaks, vacation time and even learn to say ‘no’ wherever necessary,” she said. Professionals, especially in the high-stress security industry, must feel valued for their contributions to the organization to combat stress so that it doesn’t result in burnout.
Notably, India is one of the key targets for cybercriminals with over 75% of Indian firms found to have been hit by ransomware attacks since 2019, according to a report by cybersecurity firm Trend Micro, published in September 2022.
Given these dynamics as well as the massive market opportunities for cybersecurity professionals, talent churn poses a significant threat to security teams. For example, In India, 60% of the organizations have unfilled cybersecurity positions and 42% report their organization’s cybersecurity team is understaffed, according to the eighth annual cybersecurity survey from the global IT association ISACA published in March last year.
Munira Loliwala, business head at staffing firm TeamLease Digital, said that the Covid-19 pandemic has created a greater talent crunch in the cybersecurity field, even as demand for security engineers, cybersecurity analysts, and risk and data privacy professionals continues to rise. “This huge supply-demand gap has led to an increase in hiring for available positions on a contractual basis,” she said.
A Teamlease report released in November 2022 also noted that retention is a challenge in cybersecurity, as organizations lose 40%-45% of their talent within 3 to 6 months of being hired.
Download The Mint News App to get Daily Market Updates & Live Business News.