Support 110 years of independent journalism.

Advertorial feature by Symantec
  1. Spotlight on Policy
  2. Tech and Regulation
  3. Cybersecurity
25 April 2019updated 08 Sep 2021 3:44pm

Why cyber security needs a support network

True cyber resilience requires a collective effort across an organisation.

By Darren Thomson

Cyber security professionals regard their career as a vocation. They feel that their work has a genuine, valuable purpose; protecting the organisation they’re part of, and the customers it serves, and the world at large.

This comes from a new research commissioned by Symantec and led by Goldsmiths, University of London. It is based on feedback from more than 3,000 senior security professionals across France, Germany and the United Kingdom. The report is available for download here.

It finds that almost all (92 per cent) cyber professionals feel fully immersed in their work, even when it’s stressful. Indeed, 90 per cent of them say they thrive under pressure. And yet, simultaneously, 82 per cent of them feel burnt out. Two thirds are thinking of resigning from their current role, and about the same number are considering leaving the industry completely.

That’s worrying because it signifies that far too many cyber security professionals are being ground down by the realities of corporate life; limited decision-making powers, corporate inertia, rising responsibilities and static budgets. The evolving technology landscape, in particular cloud and mobility, creates new and complex security challenges. The vast majority of cyber professionals (82 per cent) report the amount of data flowing across multiple destinations means their estate is too vast and complex to defend effectively. The same percentage say they have too many cyber defence products to manage. Throw in the pressures of increasing regulatory compliance and the cyber security skills shortage, and it’s easy to appreciate how the reality of the day role isn’t matching the vocational calling.

The typical patchwork of legacy point solutions doesn’t help matters either – 82 perc ent say they suffer from security alerts (which are often duplicates, because they’re being triggered by multiple siloed security products). More than three quarters of professionals report having to rush assessments they are not wholly confident in, and so underestimate threats or incidents. More than two-thirds admit to having to go home and leave alerts unreviewed at the end of the day.

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

To compound that dire reality check, 41 per cent say a breach in inevitable, a third say they are currently vulnerable to avoidable threats (a searing indictment) and a quarter admit to having already suffered an avoidable incident. Throw in the pressures of increasing regulatory compliance and the cyber security skills shortage, and it’s easy to appreciate how the reality of the day job isn’t matching the vocational calling. No wonder two-thirds of cyber security professionals feel they are set for failure.

The full on, often reactive, nature of cyber security means it’s difficult to find the time to get on the front foot. It becomes a mend-and-make-do existence, saddled with increasing exposure and responsibility.

It needn’t be like this. Cyber security is one of the highest profile external threats to an organisation. It is a genuine boardroom concern, even if the board don’t understand the nuances. Effective security needs to be embedded across an organisation. It is a key enabler to transformation and growth. There are heavy fines and public censure for those that fall short. A step change cyber security budget is straight forward to justify, and platform-based solutions provide the maturity and management to address cyber security for more effectively.

For an industry with a serious skills shortage, leaders must step forward with a business-led modernisation agenda that will enable cyber security professionals, and their organisations, to take a more strategic approach. And that needs to happen quickly, before the numbers play themselves out.

Darren Thomson is EMEA CTO at Symantec.