Despite earnings £72,500 annually on average – almost double that of the UK average – new research has found that 65% of cybersecurity analysts have considered quitting their role due to workplace stress.
The study, carried out by security research firm Ponemon Institute and Devo Technology, was detailed in a recent report, Improving the Effectiveness of the Security Operations Center. The report quizzed 554 IT and IT security professionals that worked for organisations with security operations centres (SOC) – dedicated units tasked with overseeing the organisation’s security practices.
Those quizzed identified burnout caused by increasing workload as the biggest challenge they faced in their current role, closely followed by a lack of visibility into the company’s network and IT infrastructure, as well as being expected to be on call at all times.
Many feel that the SOC isn’t being given the proper support that it needs to implement effective security practices. The majority of respondents said that SOC objectives were not aligned with their company’s business leads, which made it difficult to gain support from senior figures within the organisation, or to gain the funding needed to invest in new technologies and talent. As a result, just 42% currently feel that their organisation’s SOC is effective.
“There are a number of factors contributing to the SOC’s overall ineffectiveness – such as the lack of visibility into IT security infrastructure – but the factor that truly stands out is the level of analyst burnout due to their heavy workload, and the immense amount of stress and pressure they are facing,” Larry Ponemon, founder of Ponemon Institute, said. “It is clear this is a critical area that needs to be addressed to improve SOC effectiveness.”
Keeping security professionals happy
“It is critical that businesses make the SOC a priority and evolve its effectiveness by empowering analysts to focus on high-impact threats and improving the speed and accuracy of triage, investigation, and response,” Julian Waits, general manager of cyber for Devo Technology, said.
The study found that businesses are investing 30% of their cybersecurity budget on the SOC each year on average. Some 12% are spending less than 10%, while just 4% are spending more than 50%.
The researchers concluded that spending on SOC is inadequate in many organisations. As well as leaving many feeling overworked, 68% believe that it has also made it difficult to attract and retain the skilled personnel needed to make the security centre effective.
Some 51% believe that access to more resources would alleviate their workplace stress. However, most respondents (67%) felt that investment in automation would be a better solution.