The cybersecurityCybersecurity solutions are essential in the digital age… industry is facing a growing internal crisis that does not have its roots in technology or external threats, but in the culture that sustains its current workforce. A recent ISACA report reveals a concerning trend that could compromise the sector’s ability to address the increasing cyber threats.
The Empathy Gap: The Missing Link in Cyber Resilience
ISACA’s research shows an alarming trend: empathy in leadership has slightly decreased, with only 11% of organizations now considering it an essential soft skill. This decline, though seemingly minor, has a profound impact on workplace culture and employee well-being.
As empathy decreases, burnout increases. 66% of cybersecurity professionals feel more stressed than they did five years ago. The lack of empathy makes it difficult for leaders to notice when their teams are overwhelmed, offer emotional support, and prevent burnout before it becomes a crisis.
The Looming Workforce Retention Crisis
Although retention rates in cybersecurity appear stable at first glance, there is a growing problem beneath the surface. Inflexible work policies and limited remote work options are silently causing dissatisfaction among professionals, a problem that could lead to a wave of attrition when economic conditions change.
32% of cybersecurity professionals are considering leaving their jobs due to limited remote work options, an increase from 28% last year. Inflexible work policies are also on the rise as reasons for job turnover, reaching 22%.
The Complexity Crisis: How Modern Attacks Are Leading to Burnout
Cyber threats have evolved far beyond phishing schemes and malware. Today, professionals must manage nation-state attacks, sophisticated ransomware, and threat actors using AI to scale their operations faster than human teams can respond.
81% of cybersecurity professionals cite the increasing complexity of attacks as a primary source of stress. The attack surface is expanding, and threats are becoming more targeted and precise, now driven by AI and machine learning.
The Burden of Unpredictability
In today’s cybersecurity environment, professionals are constantly facing increasingly complex and unpredictable threats. According to the ISACA report, the top three critical skills for 2024 are data protection (46%), identity and access management (45%), and incident response (44%).
The result is a workforce that is overloaded, ill-prepared, and increasingly vulnerable to burnout. Cybersecurity professionals must manage evolving threats and adapt to changing priorities with limited resources and training.
Leadership Gaps and Aging Workforce
The cybersecurity industry is on the brink of a leadership void. With 34% of the workforce now between 45 and 54 years old, the sector faces an imminent challenge as senior professionals approach retirement, yet 40% of organizations still report vacancies at the senior manager or director level.
Executive vacancies in cybersecurity remain high, currently at 28%, reflecting a slight improvement but still pointing to a significant leadership gap.
Budget Cuts and Human Costs
As cyber attacks grow in sophistication and frequency, one would expect organizations to increase their investments in cybersecurity. Surprisingly, the opposite is happening, as 44% of organizations report feeling underfunded despite the increasing complexity of attacks.
The cost of budget cuts extends far beyond financial constraints: it has a human cost. Cybersecurity professionals are expected to manage increasingly complex and evolving threats with fewer resources. This “do more with less” approach inevitably leads to burnout, increased workloads, and higher turnover.
Strengthening Cybersecurity through People-Centered Leadership
To reverse this trend, organizations must rethink their leadership approach, prioritizing empathy, flexibility, and support for the mental and emotional well-being of their teams. Leadership must evolve to recognize the growing pressure cybersecurity professionals face in defending against increasingly complex threats.
The future of cybersecurity depends on more than technological advancements: it depends on how we care for the people behind the defenses. A human-centered approach will ensure long-term success in a rapidly evolving threat landscape.
More information: State of Cybersecurity 2024