{"id":95476,"date":"2023-07-13T19:31:11","date_gmt":"2023-07-13T19:31:11","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4135195"},"modified":"2023-07-13T19:31:11","modified_gmt":"2023-07-13T19:31:11","slug":"gartner-due-to-stress-half-of-cyber-leaders-will-change-jobs-and-a-quarter-will-quit-the-field","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=95476","title":{"rendered":"Gartner: Due to stress, half of cyber leaders will change jobs, and a quarter will quit the field"},"content":{"rendered":"<figure id=\"attachment_4135201\" aria-describedby=\"caption-attachment-4135201\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4135201\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/07\/gartner-due-to-stress-half-of-cyber-leaders-will-change-jobs-and-a-quarter-will-quit-the-field.jpg\" alt=\"A chief information security officer looking at many screens.\" width=\"770\" height=\"433\"><figcaption id=\"caption-attachment-4135201\" class=\"wp-caption-text\">Image: Gorodenkoff\/Adobe Stock<\/figcaption><\/figure>\n<p>Gartner\u2019s <a href=\"https:\/\/webinar.gartner.com\/495599\/agenda\/session\/1158017?login=ML\" target=\"_blank\" rel=\"noopener noreferrer\">2023-2024 cybersecurity outlook<\/a>, which the consultancy presented this week, contains good news and bad. There has been a significant shift from three years ago when chief information security officers were struggling to exert board-level influence.<\/p>\n<p>Partly due to emerging technologies such as Web 3.0, conversational artificial intelligence, quantum computing and supply chains, along with <a href=\"https:\/\/www.techrepublic.com\/article\/aqua-security-study-increase-memory-attacks\/\">increasingly sophisticated attacks<\/a>, security leaders now have more influence in the C-suite. However, as Craig Porter, director advisory for Gartner\u2019s Security Research and Advisory team said, \u201cThreat actors have access to powerful tools like ChatGPT, which can generate polymorphic malware code that can avoid detection, or even better, write a convincing email. What a fun time to be a security professional!\u201d<\/p>\n<p>Jump to:<\/p>\n<p><strong>SEE: <\/strong>Thales report on cloud assets, an additional <a href=\"https:\/\/www.techrepublic.com\/article\/thales-2023-cloud-security-report\/\">security headache<\/a> (TechRepublic)<\/p>\n<h2 id=\"what\">What is compromising security? Teams under stress<\/h2>\n<p>Gartner predicts that by 2025 nearly half of cyber leaders will change jobs, with 25% moving to different roles entirely due to multiple work-related stressors.<\/p>\n<p>\u201cIt\u2019s another acceleration caused by the pandemic and staffing shortages across the industry,\u201d said Porter, adding that security teams are in the spotlight when things go wrong, but not celebrated when attacks aren\u2019t successful.<\/p>\n<p>\u201cThe work stressors are on the rise for cybersecurity and becoming unsustainable. It seems like it\u2019s always \u2018good dog,\u2019 never \u2018great dog.\u2019 The only possible outcomes in our jobs as security risk management professionals are either get hacked or don\u2019t get hacked. That puts security risk management leaders on the edge of their limits with profound and deep psychological impacts that affect decisions and performance,\u201d he said.<\/p>\n<p>An April study by security firm Splunk concurs with Gartner\u2019s findings. In Splunk\u2019s <a href=\"https:\/\/www.splunk.com\/en_us\/campaigns\/state-of-security.html#:~:text=Fifty-two%20percent%20of%20orgs%20report%20suffering%20a%20recent,%2857%25%20of%20orgs%29%20Loss%20of%20confidential%20data%20%2848%25%29\" target=\"_blank\" rel=\"noopener noreferrer\">2023 State of Security<\/a> report:<\/p>\n<ul>\n<li>Eighty-eight percent of respondents across North America, Western Europe and Asia-Pacific reported challenges with cybersecurity staffing and skills.<\/li>\n<li>Fifty-three percent said that they cannot hire enough staff generally, and 59% reported being unable to find talent with the right skills.<\/li>\n<li>Eighty-one percent said critical staff member(s) left the organization for another job due to burnout.<\/li>\n<li>Over three-quarters of respondents revealed that the resulting increase in their workload has led them to consider looking for a new role.<\/li>\n<li>Seventy-seven percent said one or more projects\/initiatives have failed.<\/li>\n<\/ul>\n<h2 id=\"solutions\">Solutions include adjusting expectations<\/h2>\n<p>Gartner suggests security and risk management leaders need to change the culture.<\/p>\n<p>\u201cCybersecurity leaders can change the rules of engagement through collaborative design with stakeholders, delegating responsibility and being clear on what\u2019s possible and what\u2019s not, and why,\u201d said Porter. He added that creating a culture where people can make autonomous decisions around risk \u201cIs an absolute must.\u201d<\/p>\n<p><strong>SEE: <\/strong>Google offers low-cost <a href=\"https:\/\/www.techrepublic.com\/article\/google-cybersecurity-certificate\/\">online certificate<\/a> in cybersecurity (TechRepublic)<\/p>\n<p>He said organizations should prioritize culture shifts to enhance autonomous, risk aware decision making and manage expectations with an accurate profile of the strengths and limitations of their security programs.<\/p>\n<p>\u201cAnd use human error as a key indicator of cybersecurity fatigue within the organization,\u201d Porter added.<\/p>\n<h2 id=\"organizations\">Organizations should make privacy a competitive advantage<\/h2>\n<p>Gartner predicts that by 2024, modern privacy regulation will blanket the majority of consumer data but less than 10% of organizations will have successfully made privacy a competitive advantage. He noted that, as the pandemic accelerated privacy concerns, organizations have a clear opportunity to strengthen business by leveraging their privacy advancements.<\/p>\n<p>\u201cJust as a general statistic to exemplify the growth of this trend, the percentage of the world\u2019s population with access to several fundamental privacy rights exceeds that with access to clean drinking water,\u201d he said.<\/p>\n<aside class=\"pinbox right\">\n<h3 class=\"heading\">Must-read security coverage<\/h3>\n<\/aside>\n<p>He said that avoiding fines, breaches and reputation are the most significant benefits conferred to organizations implementing privacy programs; but additionally, enterprises are recognizing that privacy programs are enabling companies to differentiate themselves from competitors and build trust and confidence with customers, business partners, investors, regulators and the public.<\/p>\n<p>\u201cWith more countries introducing more modern privacy laws in the same vein as the European Union\u2019s General Data Protection Regulation, we have crossed a threshold where the European baseline for handling personal information is the de facto global standard,\u201d said Porter. He counseled security and risk management leaders to enforce a comprehensive privacy standard in line with the General Data Protection Regulation. Doing so, he said, will be a differentiator for companies in an increasingly competitive market.<\/p>\n<p>\u201cIt\u2019s a business opportunity. This is kind of the new \u2018go green\u2019 or \u2018cruelty free\u2019 or \u2018organic.\u2019 All of these labels tell you about the value proposition of the company, so why not use privacy as a competitive advantage?\u201d he said, pointing out that Apple has marketed privacy strongly, and by some reports has grown 44% in some markets from that privacy campaign.<\/p>\n<h2 id=\"other\">Other predictions include more large enterprises with zero trust<\/h2>\n<p>Among Gartner\u2019s predictions for this year and next are:<\/p>\n<ul>\n<li>By 2025, 50% of leaders will have tried unsuccessfully to use cyber risk quantification to drive enterprise decision making.<\/li>\n<li>By 2026, 10% of large enterprises will have a comprehensive, mature and measurable zero-trust program in place, up from less than 1% today.<\/li>\n<li>Through 2026, more than 60% of threat detection investigation and response capabilities will leverage exposure management data to validate, prioritize and detect threats.<\/li>\n<li>By 2026, 70% of boards will include one member with cybersecurity expertise.<\/li>\n<li>By 2027, 50% of large enterprise CISOs will have adopted human-centric security practices to minimize cyber induced friction and maximize adoption of controls.<\/li>\n<li>By 2027, 75% of employees will acquire, modify or create tech outside of IT\u2019s visibility, up from 41% today.<\/li>\n<\/ul>\n<h2 id=\"evolve\">Evolve to meet threats, but do it quickly<\/h2>\n<p>A key takeaway from Gartner\u2019s overview was that organizations need to patch the tire while riding the bike. \u201cIf you have not done so, you need to adapt,\u201d said Porter, adding that most company boards will see cyber risk as a top business risk to manage. \u201c\u2026 We estimate that technology work will shift to a decentralized model in a big way in the next four to five years,\u201d he said.<\/p>\n<p>Porter also said that there has been a sea change when it comes to how CISO\u2019s are perceived by the C-suite and boards: Three years ago, CISOs were struggling to have a seat within the C-suite about risks and threats. \u201cWe have seen that scenario change drastically,\u201d said Porter.<\/p>\n<p>Gartner\u2019s presentation included an apt quote from self-development guru Brian Tracy, \u201c\u2026in a time of rapid change, standing still is the most dangerous course of action.\u201d<\/p>\n<p> <!-- default newsletter at the end --> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: Gorodenkoff\/Adobe Stock Gartner\u2019s 2023-2024 cybersecurity outlook, which the consultancy presented this week, contains good news and bad. There has been a significant shift from three years ago when chief information security officers were struggling to exert board-level influence. Partly due to emerging technologies such as Web 3.0, conversational artificial intelligence, quantum computing and supply [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":95477,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,783,56,720,287],"tags":[],"class_list":["post-95476","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloudsync","category-cybersecurity","category-gartner","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95476"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95476\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/95477"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}