Companies that have low retention rates are likely to increase their risk of a cybersecurity attack. ISACA’s recent State of the Cybersecurity Workforce study found that 69% of respondents whose companies faced more attacks in the past year report being somewhat or very understaffed. However, retention is becoming a bigger challenge. The report also found that 60% of respondents, up 7% from last year, are having issues retaining cybersecurity workers.
Organizations need a specific plan that focuses on cybersecurity retention. Workers in this industry have unique needs. Simply including them in a company-wide retention effort likely will not have lasting effects.
Here are five ways to retain more cybersecurity workers:
Remote work
Offer remote work as an option, even full-time if possible. Employees who prefer working remotely may begin to look for work at another company if forced back into the office. By offering permanent remote work, you also make it possible for employees to stay at your company if they must move. When you do have to fill a position, you have many more options. After all, your talent pool is now much larger than just in your local area.
Custom career paths
Create personalized career paths for cybersecurity workers. Employees are more likely to stay at a job if they feel in control of their careers. Often, people in this field don’t see progression right away, especially in a smaller department. Instead, they might see a higher-paying position with another employer and seize the chance. Many may not even realize that there is a clear path to CISO for a person with the right skills and strengths. By working with each employee to understand their goals, especially if they know whether they want to be a generalist or specialist, you can create a career path for them with goals. That helps your employee feel empowered to take charge of their future.
Promote from within
Promote from within your ranks. Even with written career paths, employees pay the most attention to what they actually see happening. When higher-level positions in cybersecurity fill with external hires, employees may feel that there is not an upward path for them at your company. When you have an open position, start talking to other people currently in the industry who may be interested and invite them to apply.
Reduce or prevent burnout
Focus on preventing, or at least reducing, burnout. The Life and Times of Cybersecurity Professionals 2020 found that burnout was caused by many factors. Skills shortage, lack of career guidance, few leadership professions, job happiness and threat actors still maintaining the upper hand all contribute. Cybersecurity workers facing burnout often either quit the profession or move to another company in search of more balance. Employers can reduce burnout by making projects as easy as possible, providing post-event rest and encouraging leaders to jump in to help when the team is short-staffed.
Stop harassment
Create a harassment-free workplace. Respect in Security found that a third of cybersecurity workers have had personal experiences with harassment online (32%) and in person (35%). Businesses signing the Respect in Security corporate pledge show their commitment to ending harassment. Through training and education, you can reduce harassment and create a safe place for employees to work and collaborate. Businesses should also set up a hotline or digital channel for employees to anonymously report harassment without fear of backlash. When employees feel safe and supported at work, they are less likely to begin looking for another position.
The rate of attacks continues to increase, and threat actors are becoming even more sophisticated, so retention is likely to remain a top concern in the future. By actively focusing on the specific needs of cybersecurity workers and creating an environment where they want to work, businesses can reduce their overall risk and vulnerability.