Is your job getting harder?

by Black Hat Middle East and Africa
on
Is your job getting harder?

Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders.

Keep up with our weekly newsletters on LinkedIn — subscribe here. 


Expand your perspective and build cyber resilience with the global Black Hat MEA community – in your inbox every week. 

This week we’re focused on…

Talent retention in cybersecurity. 

Because new research suggests that many practitioners are reaching a tipping point. A report from ISSA and Omdia notes that 68% of cybersecurity professionals believe the job has become harder over the past two years. 

And among those who have considered leaving their current role during the past 18 months, 57% have also considered leaving cybersecurity altogether.

That should concern everyone.

Cybersecurity has always been a demanding industry to work in. But the latest data suggests there’s a real question mark over whether the industry can retain the people it depends on.

Why is the job getting harder?

The obvious answer is threats.

Attack surfaces continue to expand; AI is creating new opportunities and new risks; organisations are becoming more dependent on technology while simultaneously becoming more difficult to secure.

But the research hints at the nuance underneath all this. When cybersecurity professionals were asked why the job has become more difficult, the top response wasn't cybercrime – more than half (55%) cited increased complexity and workload as the primary reason their profession has become harder. 

A further 52% pointed to growing threats and attack surfaces, while around a third highlighted budget pressures, inadequate training investment, increasingly complex compliance requirements and understaffed teams.

Cybersecurity practitioners are under pressure to defend against attackers while navigating growing organisational complexity, skills shortages and resource constraints.

And that pressure is starting to show: only 2% of respondents said they don't feel stressed about their cybersecurity role.

The leading causes of stress included:

  • Overwhelming workloads.
  • Keeping pace with the security implications of new initiatives such as AI.
  • Fear of missing an attack.
  • The constant stream of emergencies that pull teams away from strategic work.

As Dr. Leila Taghizadeh (CISO for IberoLatAm and Global Head of Cyber Risk at Allianz) told us in an interview a couple of years back: 

“Without a doubt, burnout and stress are massive issues in the cybersecurity space. Over the years, I've seen this pressure mount to unprecedented levels.”

The burden of being responsible for everything

One of the most revealing findings in the report is about responsibility. 

Nearly seven in ten respondents said a cybersecurity career can be taxing on work-life balance. Similar numbers reported working in organisations that don't properly understand or adequately fund cybersecurity. Almost two-thirds said security teams are often viewed as blockers to innovation.

All of this puts cybersecurity leaders in a difficult position. 

If security works, nobody notices. But if security fails, everyone notices.

As Taghizadeh said:

“It's no longer a question of 'if' there will be a new threat – it's a constant stream of high-stakes situations, where even a single oversight can have disastrous consequences.” 

That constant pressure creates a unique psychological burden. The stakes are high, the work often goes unseen, and success is usually measured by what doesn't happen.

Very few professions operate under those conditions. 

From burnout problem to retention problem

Stress isn’t only affecting wellbeing now – it’s also affecting retention. 

Nearly half of respondents have considered leaving their current cybersecurity role during the past 12 to 18 months.

Among those professionals, more than half have also considered leaving cybersecurity entirely.

When asked why, high stress topped the list, followed by limited advancement opportunities, poor work-life balance and insufficient leadership commitment to cybersecurity.

At the same time, organisations are struggling with talent shortages. Three-quarters of respondents reported that their organisation has been affected by the cybersecurity skills gap. The consequences fall on the shoulders of individuals: heavier workloads, redirected priorities, increased burnout, rising attrition and greater risk of human error.

It’s a vicious cycle: skills shortages increase workload, workload increases stress, stress drives people out of the profession – and that deepens the skills shortage. 

So what needs to change?

The good news is that the research also points towards solutions.

When cybersecurity professionals were asked what contributes most to job satisfaction, the top responses were:

  • Leadership commitment to cybersecurity.
  • Competitive compensation. 
  • Support for career development.

People want to feel that their work is important. They want opportunities to grow – and they want organisations to recognise the realities of the job.

As Taghizadeh put it:

“Cybersecurity teams need to feel valued for the work they do every day, not just when there's a breach.” 

If the people protecting our systems are starting to believe the job is becoming unsustainable, then resilience will rely on creating environments where cybersecurity professionals can thrive, develop and build long-term careers.

Because if we fail to retain the talent we already have, today’s skills shortage could be nothing compared to what's coming next.

Share on

Join newsletter

Join the newsletter to receive the latest updates in your inbox.


Follow us


Topics

Sign up for more like this.

Join the newsletter to receive the latest updates in your inbox.

Related articles