June 27, 2022 By Jennifer Gregory

Companies that have low retention rates are likely to increase their risk of a cybersecurity attack. ISACA’s recent State of the Cybersecurity Workforce study found that 69% of respondents whose companies faced more attacks in the past year report being somewhat or very understaffed. However, retention is becoming a bigger challenge. The report also found that 60% of respondents, up 7% from last year, are having issues retaining cybersecurity workers.

Organizations need a specific plan that focuses on cybersecurity retention. Workers in this industry have unique needs. Simply including them in a company-wide retention effort likely will not have lasting effects.

Here are five ways to retain more cybersecurity workers:

Remote work

Offer remote work as an option, even full-time if possible. Employees who prefer working remotely may begin to look for work at another company if forced back into the office. By offering permanent remote work, you also make it possible for employees to stay at your company if they must move. When you do have to fill a position, you have many more options. After all, your talent pool is now much larger than just in your local area.

Custom career paths

Create personalized career paths for cybersecurity workers. Employees are more likely to stay at a job if they feel in control of their careers. Often, people in this field don’t see progression right away, especially in a smaller department. Instead, they might see a higher-paying position with another employer and seize the chance. Many may not even realize that there is a clear path to CISO for a person with the right skills and strengths. By working with each employee to understand their goals, especially whether they want to be a generalist or a specialist, you can create a goal-based career path for them. That helps your employee feel empowered to take charge of their future.

Promote from within

Promote from within your ranks. Even with written career paths, employees pay the most attention to what they actually see happening. When higher-level positions in cybersecurity are filled with external hires, employees may feel that there is no upward path for them at your company. When you have an open position, start talking to other people currently in the industry who may be interested and invite them to apply.

Reduce or prevent burnout

Focus on preventing, or at least reducing, burnout. The Life and Times of Cybersecurity Professionals 2020 found that burnout was caused by many factors. Skills shortage, lack of career guidance, few leadership professions, job happiness and threat actors still maintaining the upper hand all contribute. Cybersecurity workers facing burnout often either quit the profession or move to another company in search of more balance. Employers can reduce burnout by making projects as easy as possible, providing post-event rest and encouraging leaders to jump in to help when the team is short-staffed.

Stop harassment

Create a harassment-free workplace. Respect in Security found that a third of cybersecurity workers have had personal experiences with harassment online (32%) and in person (35%). Businesses signing the Respect in Security corporate pledge show their commitment to ending harassment. Through training and education, you can reduce harassment and create a safe place for employees to work and collaborate. Businesses should also set up a hotline or digital channel for employees to anonymously report harassment without fear of backlash. When employees feel safe and supported at work, they are less likely to begin looking for another position.

The rate of attacks continues to increase, and threat actors are becoming even more sophisticated, so retention is likely to remain a top concern in the future. By actively focusing on the specific needs of cybersecurity workers and creating an environment where they want to work, businesses can reduce their overall risk and vulnerability.
