- A third of security workers find CISO roles ‘unsuccessful’
- Companies still do not give enough resources to security workers
- 15% say prosecution threats prevent them from taking on CISO roles
Amid the current skills shortage, new research has revealed why many IT experts are unwilling to take on cybersecurity roles despite the healthy earning potential.
Seven in 10 IT security decision makers surveyed by BlackFog said stories of CISOs being held personally responsible for cybersecurity incidents have negatively impacted the way they view the role, deterring them from wanting to progress to management and leadership positions.
Survey participants added that responsible leaders often find themselves in a no-win situation, which increases the stress of the job.
Cybersecurity workers don’t want pressure
One in three (34%) said security leaders would face internal consequences for not reporting findings or face public criticism and possible prosecution if they did. The pressure isn’t just coming from within, however, as regulatory actions influence how companies handle cybersecurity incidents.
Nearly half (44%) added that their companies have already implemented processes to reduce their cybersecurity exposure in order to avoid regulatory scrutiny and liability.
Two in five (41%) also noted that their boards are taking cybersecurity more seriously as a result. However, security workers are still waiting for leaders to take action, such as providing more resources; only 10% have seen more money dedicated to cybersecurity efforts.
“The role of the CISO is to manage risk to the organization, but as regulations tighten, security leaders increasingly need to consider their own personal risk,” said Dr. Darren Williams, CEO of BlackFog.
The research highlighted a clear divide: half (49%) believe that the possibility of an individual being prosecuted after a cyber attack would improve accountability and transparency, while 15% say this would deter them from wanting to take on CISO roles in the future.
Dr. Williams called for clearer governance and incident response and reporting procedures. However, cybersecurity workers, including CISOs, need support from their companies.