Why Cybersecurity Professionals Are Considering the Exit Door in the Age of AI
While 83% of organizations are using or planning to adopt AI for cybersecurity, 68% of cybersecurity professionals say the job has become harder.
In a rapidly evolving digital landscape increasingly influenced by artificial intelligence (AI), new research conducted by the Information Systems Security Association (ISSA) and Omdia reveals a troubling trend among cybersecurity professionals. Despite the fact that 83% of organizations have embraced, or are considering the adoption of AI for cybersecurity purposes, a significant 68% of cybersecurity professionals report that their jobs have become substantially more challenging. Alarmingly, nearly half of these professionals have considered leaving their current roles, while 57% have pondered exiting the industry altogether. This trend highlights a concerning disconnect between executive expectations, the authority granted to Chief Information Security Officers (CISOs), the escalating workloads faced by security teams, and the harsh realities of defending organizations amid an AI-driven threat landscape.
AI is Not Reducing Cyber Workforce Pressure yet, but May be Exposing a Leadership Gap.
It appears contradictory that although companies are increasingly dependent on AI as a source of relief, many security teams are confronting heightened complexity, as evidenced by a rise in alerts, governance risks, and mounting pressure. This tension is exacerbated by the reality that when AI systems fail, accountability does not fall upon the technology itself, but rather on the personnel and CISOs responsible for managing these systems.
“AI is not smarter than humans”
– Dr. Shawn Murray, CISO and Former President of ISSA
Cybersecurity’s Problems Go Beyond the Screen
The research identified three distinct factors contributing to workforce stress within cybersecurity. First, security leaders are struggling with increased workloads. When asked to explain why their jobs are more difficult today compared to two years ago, 55% of respondents cited an increase in complexity and overall workload. The second factor identified is the adoption of new technologies. A striking 72% of respondents indicated that decisions regarding technology implementation are frequently made without direct involvement from the cybersecurity teams, complicating secure adoption processes. In a conversation with Dr. Shawn Murray, the CISO and former president of ISSA, the issue of organizational strain was emphasized as new technologies and AI are integrated without adequate consideration for cybersecurity teams, resulting in a loss of crucial tribal knowledge. Dr. Murray poignantly remarked, “AI is not smarter than humans.” Lastly, burnout emerged as a significant issue, with 37% of respondents pointing to a shortage of skilled professionals as a catalyst for increased fatigue and turnover rates. Among those contemplating a departure from the cybersecurity field, 53% cited high stress levels associated with the job, while 34% lamented the poor work/life balance that the profession typically demands. Melinda Marks, Practice Director for Cybersecurity at Omdia, underscored this sentiment by stating, “There’s so much stress for productivity.”
“There’s so much stress for productivity”
– Melinda Marks, Practice Director, Cybersecurity at Omdia
Full-Time CISOs are Disappearing
The shifting landscape of cybersecurity roles has become increasingly apparent over the past two years. The percentage of full-time CISOs has declined markedly from 76% to just 63%, while the number of virtual CISOs has surged more than threefold, rising from 5% to 16%. This shift may reflect budgetary constraints, liability concerns for CISOs, fractional leadership models being adopted by small- and medium-sized businesses (SMBs), or even executive misperceptions about the CISO role. Marks highlights that the rise in AI adoption has led many to recognize the associated security risks, emphasizing that CISOs and their teams need a well-deserved seat at the executive table to oversee the safe integration of these technologies.
Leadership Effectiveness May be the Real Gap
A significant additional concern is the apparent lack of leadership commitment to cybersecurity, with 33% of respondents expressing that this factor contributed to their contemplation of leaving the profession. For job satisfaction, strong leadership commitment to cybersecurity is deemed crucial. A failure in communication from leadership can foster discontent and insecurity among employees.
Takeaways
While AI has the potential to aid cybersecurity teams, achieving this potential will hinge on better leadership, more defined strategies, enhanced governance, realistic staffing levels, and a fundamental understanding at the board level that cyber resilience relies on both people and technology. The stressors currently plaguing the cybersecurity sphere detrimentally affect not only the organizations involved but also the wellbeing of their personnel.
Marks asserts that despite the challenges of today’s cybersecurity environment, foundational principles remain vital. “As long as we have a strong community that shares information, we can be influential team players,” she remarks. Dr. Murray emphasizes the need for professionals at all levels to seek support and build networks, underscoring the importance of collaboration for CISOs to achieve success. He encourages participation in industry events, such as ISSA chapter meetings, to foster connection and support within the cybersecurity community.
The complete eBook is available at https://issa.org/life-and-times-of-cybersecurity-professionals-volume-viii/
Learn More About ISSA: ISSA, the Information Systems Security Association, stands as the longest-established member organization for cybersecurity professionals, connecting individuals at all career stages through peer networks, professional development, research, and local chapter communities across the globe. It provides essential support for building careers in cybersecurity.
Learn More About Omdia: Omdia, which evolved from the Enterprise Strategy Group, offers actionable market intelligence, demand-side research, analyst advisory services, go-to-market strategy guidance, solution validations, and custom content tailored to support enterprise technology procurement and sales. Melinda Marks serves as the Practice Director for Cybersecurity.
About the Author
Carmen Estela serves as a Cybersecurity Research Analyst at Cyber Defense Magazine and is a candidate for the Women in Cybersecurity Award. After recently graduating with a Master’s degree in Science from the University of Central Florida, she holds a Bachelor’s degree in Criminology from the University of Florida, along with certifications in Data Analytics and AI Fundamentals. She is an active speaker and volunteer at noted industry gatherings, such as BSides Orlando and BSides Jax, where she shares insights on emerging cyber trends. Carmen is dedicated to enhancing standards in governance, risk, and compliance within cybersecurity. Her professional background includes roles as an adult protective investigator, police dispatcher, and legal intern, drawing on her investigative skills across several domains including law enforcement and public service.
Reach her online at [email protected].