show image

Most security workers have considered quitting over lack of resources

Seven out of 10 cyber security workers have considered quitting their jobs because they do not have enough staff or tech in place to stem the tide of attacks, according to new research.

A survey of 300 security workers in UK organisations employing more than 500 people found that 79 per cent were suffering from a lack of resources, with one in two saying that staff shortages were the biggest threat to their defences.

But the research also revealed that while the average organisation uses 33 security solutions and 57 per cent of respondents said they were suffering from alert overload, 65 per cent are looking to deploy more efficient technology.

“It’s no secret that companies of all sizes have been having a hard time finding qualified personnel to manage their often-overwhelmed security operations,” said Ed Macnair, the chief executive of Censornet, which carried out the research.

“We can hardly be surprised that 74 per cent of cyber security professionals describe themselves as ‘very busy’, but it is worrying that technology isn’t yet helping to solve the problem.”

Research published earlier this month to support the government’s cyber security strategy revealed that half of businesses and charities are facing a technical cyber skills shortage. “Given the inherent nature of cyber threats to a digital economy, such a capability gap is not sustainable,” officials noted.

The government is seeking to boost the number of opportunities people have to retrain as cyber security professionals, with the launch of a Cyber Skills Immediate Impact Fund, as well as a £20m Cyber Discovery programme to encourage more young people to consider a career in the industry.

Macnair said the research demonstrated there is an appetite for autonomous security solutions. “Automating activity such as repetitive low-level tasks usually undertaken by a human can free up limited analyst resources to focus on more advanced tasks, helping to close staffing and expertise gaps and also help stave off cyber fatigue,” he said. “It is taking the security industry beyond events and alerts and into 24×7 automated attack prevention.”