by Jeanne Zepp
Cybersecurity remains a top priority among organizations large and small. While we all appreciate the growing need for cybersecurity, the press announcement for a new Gartner report (Predicts 2023: Cybersecurity Industry Focuses on the Human Deal) shines a light on two important findings with significant implications for the field. The first relates to on-the-job stress. The second relates to insider threat.
Gartner makes a stunning prediction: Stress will cause one-fourth of cybersecurity leaders to leave their profession and assume different roles by 2025. The reason? They live in a binary world where, every day, they face one of two outcomes: the organization is attacked successfully, or the organization’s systems remain secure. Living with this pressure is difficult enough under the best of circumstances. It is unsustainable when there is an absence of management support and a cybersecurity approach that is more about compliance than a strategic vision.
The human element has long played a key role in cyber breaches. Gartner suggests that, in two years, 50 percent of attacks considered “significant” will be attributable to people. The first issue — talent turnover — will be a factor as some security failures will result from a lack of expertise in key roles. Other incidents will correlate to attackers’ growing focus on phishing and other forms of social engineering. Perhaps worst of all, Gartner’s survey found that almost 70 percent of respondents indicated they had circumvented cybersecurity controls within the last year, while almost two-thirds indicated a willingness to do so. Why? Their rationale centered on helping themselves or their colleagues attain a business goal.
Improving organizational culture is seen as a way for workplaces to reduce stress and help keep qualified individuals within the cybersecurity field. Similarly, greater emphasis on programs that address insider risk in a positive way is seen as the optimal way to simultaneously counter social engineering efforts, staff willingness to bypass cybersecurity measures, and other often-overlooked cybersecurity concerns.