Burnout among information security (InfoSec) professionals is a prevalent cause of staff turnover, as highlighted by a recent Kaspersky study that included participants from the META region (Saudi Arabia, UAE, Turkiye, South Africa, Nigeria and Egypt).
The study reveals that 40% of companies’ cybersecurity teams are understaffed. Despite finding adequately qualified professionals, retention remains difficult, particularly for mid to senior-level positions. Experienced professionals are challenging to find, recruit and retain due to high demand and limited supply.
Recruitment challenges and timeframes
Demand for experienced cybersecurity experts far outpaces supply, leading to prolonged recruitment periods and high turnover rates. Junior cybersecurity staff positions are typically filled within six months (70%) while only 3% of roles take more than a year to fill. In contrast, staffing senior positions are much more challenging with more than half of companies (58%) taking between four and nine months to find suitable candidates and 36% nine months or more. Only 6% of roles are filled in one to three months.
Tenure correlated with expertise
There is a strong correlation between level of expertise and tenure. Senior InfoSec professionals tend to stay longer in their roles with 49% remaining in top-level positions once achieved. Conversely, junior employees have a higher turnover rate with most staying three to four years and only a small fraction (3%) remaining beyond five years.
Resignation reasons
Key factors contributing to InfoSec professionals leaving their positions include personal (human) reasons such as compensation issues, inadequate working conditions and lack of management support. On the expert level, professionals often cite the need for continuous skills development and frustration with not having opportunities to work with the latest technologies and tools.
Professional dissatisfaction is the leading cause of resignations with lack of growth opportunities being the primary reason (59%). Lack of management support and monotonous work are also significant factors causing 50% and 49% of professionals to leave respectively. High stress levels and inflexible working policies further contribute to the turnover.[
An important finding is that 46% of experts are dissatisfied due to lack of opportunity to work with the latest technologies and tools. This is a fairly high percentage and, in many ways, depends on how the company builds its cybersecurity systems: Does it pay attention to employee development? Does it allocate money for various processes or interact with the market and other experts etc?
The burnout factor
It is not just the result of one stressful incident or working long hours. Rather, burnout is a state of physical, emotional and mental exhaustion driven by repeated stress. Individuals experiencing burnout often feel that nothing is functioning properly and that they are accomplishing very little. This chronic stress, driven by a combination of monotonous work and constant monitoring of security alerts, can lead to a severe state where individuals can no longer function effectively on a personal or professional level.
The insidious nature of burnout is that it develops gradually, often fooling hard-working professionals into believing that living in a constant state of stress is normal and acceptable. As a result, it can be difficult for individuals to recognise and address it early on.
To combat burnout, companies must rethink their approach to managing InfoSec teams. They need to find ways to relieve the stress faced by InfoSec professionals, provide them with tools to alleviate pressure and offer support and feedback. Automation plays a key role in this process, significantly reducing the daily burden on professionals by handling repetitive tasks such as monitoring alerts, analysing logs and responding to low-level threats. This shift allows professionals to focus on more complex and rewarding tasks, enhancing job satisfaction and career growth.
Strategies to retain employees and support their well-being
Kaspersky recommends the following strategies for companies to mitigate burnout and support InfoSec teams:
- Relieve stress and make work more rewarding by implementing reward systems and recognition programmes to boost morale.
- Evaluate staff and provide regular feedback through continuous performance evaluations and feedback to help professionals feel valued.
- Ensure management support by providing support in routine and complex tasks to ensure employees feel backed by their leadership.
- Rotate employees’ roles and manage workloads to prevent monotony and reduce stress.
- Automate processes by leveraging automated solutions for routine tasks, which eliminates the burden on professionals. Solutions such as Kaspersky Next XDR Expert can reduce monotony and free InfoSec professionals for more rewarding strategic work.
- Invest in additional training by offering professional development and ongoing educational programmes such as Kaspersky Expert training to keep skills current and employees engaged.
By addressing these factors, companies can better manage burnout among InfoSec professionals, improving retention and job satisfaction.
[EL1]The line at the bottom of this image should read:
The infographic is based on the Kaspersky study, “The portrait of modern information security professional”, which questioned 1 012 InfoSec professionals from 29 countries.
[EL2]Please change “organization” to organisation on this image. And the line at the bottom should read:
The infographic is based on the Kaspersky study, “The portrait of modern information security professional”, which questioned 1 012 InfoSec professionals from 29 countries.