The so-called High-Alert Study was conducted by Symantec in collaboration with the psychologist and scientist Dr. Chris Brauer, Director of Innovation at Goldsmiths, University of London. More than 3,000 cyber security decision-makers in middle and senior management positions from France, Germany (1,003 participants) and the UK were surveyed.
Too much stress from too many directions
Basically, the members of the security teams are not doing a bad job - the demands on the job have simply increased enormously. The work is associated with a rapid pace and high intellectual demands. Although this is a certain attraction and is considered exciting and motivating by 92 percent of those surveyed, it can also turn into a negative factor if the teams receive too little support. Three-quarters of the respondents from Germany feel paralyzed by the constant excessive demands - many are even thinking about changing jobs or industries. In times of an already pressing shortage of skilled workers, this represents an additional risk for companies.
The cost is often higher than expected
Talents and employees with the required skills are scarce in today's job market for IT security professionals, making the security of businesses all the more threatening. According to the study, three quarters of security experts underestimate the effort and steps required to counter a threat. Decisions are often made too quickly or the assessment of an attack or threat is not sufficiently reviewed and substantiated. For a security incident that could have been avoided, even 75 percent of the experts surveyed feel responsible. Almost half of the respondents admitted that their teams often do not have the necessary skills to withstand the threats to the company. Often, they are not even able to cope with the current workload.
Lack of time for training
The shortage of skilled workers in the sector cannot be overcome by hiring new staff alone. However, many teams find it difficult to keep up with the constant stream of new attackers' strategies. For example, 51 percent of those surveyed lack the time to expand their skills because they have to take on too many daily tasks. Meanwhile, technological change often progresses faster than adaptation is even possible. For example, support from organized crime would provide attackers with enormous resources. In order to be able to relieve the burden on employees in this area, in the future more emphasis should be placed on technologies such as cloud security or increased automation in order to simplify the complex construct of cyber security and thus reduce overloads.
Sources
https://www.security-insider.de/unternehmen-fuehlen-sich-cyber-kriminellen-ausgeliefert-a-843933/
https://www.securitytoday.de/2019/06/05/wenn-die-it-sicherheit-zur-ueberforderung-wird/
https://www.symantec.com/blogs/expert-perspectives/cyber-security-pressure-cooker