Support 100 years of independent journalism.

Advertorial feature by Symantec
  1. Spotlight
  2. Cyber
25 April 2019updated 08 Sep 2021 3:44pm

Why cyber security needs a support network

True cyber resilience requires a collective effort across an organisation.

By Darren Thomson

Cyber security professionals regard their career as a vocation. They feel that their work has a genuine, valuable purpose; protecting the organisation they’re part of, and the customers it serves, and the world at large.

This comes from a new research commissioned by Symantec and led by Goldsmiths, University of London. It is based on feedback from more than 3,000 senior security professionals across France, Germany and the United Kingdom. The report is available for download here.

It finds that almost all (92 per cent) cyber professionals feel fully immersed in their work, even when it’s stressful. Indeed, 90 per cent of them say they thrive under pressure. And yet, simultaneously, 82 per cent of them feel burnt out. Two thirds are thinking of resigning from their current role, and about the same number are considering leaving the industry completely.

That’s worrying because it signifies that far too many cyber security professionals are being ground down by the realities of corporate life; limited decision-making powers, corporate inertia, rising responsibilities and static budgets. The evolving technology landscape, in particular cloud and mobility, creates new and complex security challenges. The vast majority of cyber professionals (82 per cent) report the amount of data flowing across multiple destinations means their estate is too vast and complex to defend effectively. The same percentage say they have too many cyber defence products to manage. Throw in the pressures of increasing regulatory compliance and the cyber security skills shortage, and it’s easy to appreciate how the reality of the day role isn’t matching the vocational calling.

The typical patchwork of legacy point solutions doesn’t help matters either – 82 perc ent say they suffer from security alerts (which are often duplicates, because they’re being triggered by multiple siloed security products). More than three quarters of professionals report having to rush assessments they are not wholly confident in, and so underestimate threats or incidents. More than two-thirds admit to having to go home and leave alerts unreviewed at the end of the day.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. A handy, three-minute glance at the week ahead in companies, markets, regulation and investment, landing in your inbox every Monday morning. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A weekly dig into the New Statesman’s archive of over 100 years of stellar and influential journalism, sent each Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy

To compound that dire reality check, 41 per cent say a breach in inevitable, a third say they are currently vulnerable to avoidable threats (a searing indictment) and a quarter admit to having already suffered an avoidable incident. Throw in the pressures of increasing regulatory compliance and the cyber security skills shortage, and it’s easy to appreciate how the reality of the day job isn’t matching the vocational calling. No wonder two-thirds of cyber security professionals feel they are set for failure.

The full on, often reactive, nature of cyber security means it’s difficult to find the time to get on the front foot. It becomes a mend-and-make-do existence, saddled with increasing exposure and responsibility.

It needn’t be like this. Cyber security is one of the highest profile external threats to an organisation. It is a genuine boardroom concern, even if the board don’t understand the nuances. Effective security needs to be embedded across an organisation. It is a key enabler to transformation and growth. There are heavy fines and public censure for those that fall short. A step change cyber security budget is straight forward to justify, and platform-based solutions provide the maturity and management to address cyber security for more effectively.

For an industry with a serious skills shortage, leaders must step forward with a business-led modernisation agenda that will enable cyber security professionals, and their organisations, to take a more strategic approach. And that needs to happen quickly, before the numbers play themselves out.

Darren Thomson is EMEA CTO at Symantec.