Around 50% of CISOs are expected to change jobs by 2025, according to a Gartner study that found the cybersecurity leader’s job is becoming more stressful. Credit: Melanie Wasser Nearly half of CISOs will change jobs by 2025 due to stress caused by the risk of being breached while trying to retain staff, according to the Gartner report, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal. The research firm found that the stressors of the cybersecurity world make the job of a cybersecurity professional unsustainable. This includes the knowledge that there are only two possible outcomes: get hacked or don’t. “The psychological impact of this is profound, directly affecting decision quality and performance of cybersecurity leaders and their teams,” found Gartner.Although burnout is nothing new, it did become more visible and common during and after COVID-19. For CISOs it is worse as more than 50% are challenged with work demands that lead to a poor work-life balance at least once a month. A leader recovering from the stress of a data breach could last less than five years on the job — the average tenure of a cybersecurity leader according to a 2020 Gartner research report.The stress of the job affects all cybersecurity professionals who are not afraid to look for different opportunities. But talent churn can damage the mission as replacing such professionals can cost up to 30% more than the investment needed to retain talent. The vast market opportunity caused by the lack of professionals doesn’t make things any easier. There is less than 0% unemployment in cybersecurity. “To mitigate this, cybersecurity leaders need to focus on the health and well-being of their teams, starting with themselves,” stated the report. Gartner also found that of those nearly 50% looking to change jobs, 25% are considering a complete change of role due to stress. Gartner analyst Deepti Gopal tells CSO that some will move workplaces while others will take on different roles such as become a cybersecurity evangelist, a CIO, or take up creative roles like becoming an artist.More stress and interruptions mean more riskThere is no work-life balance in the life of cybersecurity professionals, according to Gartner. This was exacerbated by the switch to hybrid work, which means professionals are constantly checking what is going on but also distracted. This can cause increased susceptibility to social engineering or poor management of a cyberattack, data breach or ransomware attack. Demand for professionals is driving wages up, but recent layoffs at big tech companies can mean more “elite cyber-pros” available, which can dampen the wage inflation and also create the opportunity for companies who would normally not be able to afford such professionals. “Market rates for talent may need to be reviewed multiple times. While proactively addressing salary and benefits may help retain employees, top talent often quits cultures,” according to Gartner.Companies that do not view cybersecurity risk management as critical face higher attrition. With CISOs constantly trying to balance high expectations against an absence of the tools needed to meet those expectations, good organizational culture can make a difference in retaining professionals.In a previous interview, cryptographer Jon Callas said: “Companies have to understand that it is in their benefit to back up the CISO. And CISOs have to earn trust as well.”Gartner suggests a change in engagement from CISOs may help in the long run. These include engage in collaborative design with business stakeholders, delegate responsibility, and be very clear on what is possible and what is not, and why.With the cost a data breach can cause any company this is an easy argument to change the mindset of the organization. Safety is seen alongside profitability rather than against it, CISOs should use that to change the company’s ideology and ensuring their department is seen as a crucial part of the business.“A key stressor of our work is that often our teams are playing a game they can’t win because they are always playing defense. We must find opportunities for our teams to be recognized for putting ‘points on the board’ rather than just blocking opponents.” Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe