Staff burnout and a shortage of IT skills could weaken Britain’s defence against attacks on transport, energy and other critical national infrastructures, according to new research from Bridewell Consulting, the independent cyber security services company.
In the last year, 85% of IT decision-makers working to protect Britain’s infrastructure have felt increased pressure to improve cyber security controls. The research also highlighted that of these:
- 47% have suffered unsustainable stress
- 41% have been absent because of burnout
- 32% are looking for another job and 28% have resigned
With daily life depending so heavily on critical national infrastructure (CNI), the prospect of cyber professionals leaving jobs as a result is particularly worrying, especially at a time when the threat of attacks is so high.
Threats such as nation state attacks or malware can have serious implications – not just financially but also to public safety and even causing loss of life. Worryingly, the prevalence of these attacks is high: 86% of CNI organisations detected cyber attacks in the last year and 93% of these experienced at least one successful attack, according to the survey of UK IT decision-makers in CNI organisations.
Lack of knowledge and skills is the top challenge facing cyber security teams, followed by an increase in duties and responsibilities, and burnout of employees. Arguably as a result, 84% of decision-makers believe there will be a critical cyber security skills shortage in the CNI sector in the next three to five years. By 2025, understanding new technology is anticipated to be the biggest challenge, emphasising the need for the right skills and knowledge.
Scott Nicholson, Co-CEO at Bridewell, says: “Cyber security experts are a vital first line of defence but stress and burnout seem to be seriously affecting individuals’ wellbeing. The prospect of people leaving jobs as a result is particularly worrying at a time when the threat of attacks is so high. Ultimately, cyber security isn’t just an IT or OT issue – it’s a business issue. Tackling it as such will result in the strongest, most effective teams, equipped with the right tools to keep our infrastructure safe.”
The full research report “CNI Cyber Report: Risk & Resilience” can be downloaded here.