Companies that have low retention rates are likely to increase their risk of a cybersecurity attack. The recent ISACA’s State of the Cybersecurity Workforce study found that 69% of respondents whose companies faced more attacks in the past year report being somewhat or very understaffed. However, retention is becoming a bigger challenge. The report also found that 60% of respondents, up 7% from last year, are having issues retaining cybersecurity workers.

Organizations need a specific plan that focuses on cybersecurity retention. Workers in this industry have unique needs. Simply including them in a company-wide retention effort likely will not have lasting effects.

Here are five ways to retain more cybersecurity workers:

Remote Work

Offer remote work as an option, even full-time if possible. Employees who prefer working remotely may begin to look for work at another company if forced back into the office. By offering permanent remote work, you also make it possible for employees to stay at your company if they must move. When you do have to fill a position, you have many more options. After all, your talent pool is now much larger than just in your local area.

Custom Career Paths

Create personalized career paths for cybersecurity workers. Employees are more likely to stay at a job if they feel in control of their careers. Often, people in this field don’t see progression right away, especially in a smaller department. Instead, they might see a higher-paying position with another employer and seize the chance. Many may not even realize that there is a clear path to CISO for a person with the right skills and strengths. By working with each employee to understand their goals, especially if they know whether they want to be a generalist or specialist, you can create a career path for them with goals. That helps your employee feel empowered to take charge of their future.

Promote From Within

Promote from within your ranks. Even with written career paths, employees pay the most attention to what they see really happening. When higher-level positions in cybersecurity fill with external hires, they may feel that there is not an upward path for them at your company. When you have an open position, start talking to other people currently in the industry who may be interested and invite them to apply.

Reduce or Prevent Burnout

Focus on preventing, or at least reducing, burnout. The Life and Times of Cybersecurity Professionals 2020 found that burnout was caused by many factors. Skills shortage, lack of career guidance, few leadership professions, job happiness and threat actors still maintaining the upper hand all contribute. Cybersecurity workers facing burnout often either quit the profession or move to another company in search of more balance. Employers can reduce burnout by making projects as easy as possible, providing post-event rest and encouraging leaders to jump in to help when the team is short-staffed.

Stop Harassment

Create a harassment-free workplace. Respect in Security found that a third of cybersecurity workers have had personal experiences with harassment online (32%) and in-person (35%). Businesses signing the Respect in Security corporate pledge show their commitment to ending harassment. Through training and education, you can reduce harassment and create a safe place for employees to work and collaborate. Businesses should also set up a hotline or digital channel for employees to anonymously report harassment without fear of backlash. When employees feel safe and supported at work, they are less likely to begin looking for another position.

The rate of attacks continues to increase and threat actors become even more sophisticated. So, retention is likely to remain a top concern in the future. By actively focusing on the specific needs of cybersecurity workers and creating an environment where they want to work, businesses can reduce their overall risk and vulnerability.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…