It’s not just a lack of new cyber security talent that’s causing the shortfall; some are retiring or leaving the profession, others are just moving organisations. We’re going to focus on targeting those who are leaving, and how to get them to stay.
It’s all about culture.
Let’s dive in…
Why are people leaving?
60% of enterprises are having difficulties retaining qualified cyber security talent. The top reason for leaving their job was being recruited by other companies. Staff turnover rates are approximately 20% in the cyber security workforce.
To alleviate the symptoms, you need to get to the root cause of the problem. We’ve covered this issue in more depth in our article ‘Why do People Quit?’, but the most common reasons are the stress of the job, and finding better salaries, career opportunities and culture elsewhere. (ISC)² found that the top reasons for leaving a job in the last 2 years all involve growth opportunities and negative culture, including ‘I thought the work culture was negative/unhealthy’, ‘I felt burnt out’, and ‘Bad work/life balance’.
Focusing on employee experience
Negative employee experiences appear to be coming from a negative company culture, not the actual work itself. 75% of respondents in the Cybersecurity Workforce Study report being satisfied with their job and passionate about their work.
The study found that low employee experience scores were driven by issues with the organisation, and the team they work within. This creates a vicious cycle of staff shortages; those who are experiencing a negative employee experience are more likely to leave, creating further staff shortages, which in turn maintains a lower employee experience score.
Workers with a lower employee experience score were also less productive, and felt their employee experience impacted their effectiveness in responding to cyber security incidents. This could have devastating effects on a business in terms of their vulnerability to, and the consequences of, cyber attacks.
Another significant factor that negatively affected employee experience was not feeling heard or valued. Senior-level practitioners were more likely to say there was a staff shortage than managers or executives. Organisations are not listening to their front-line workers, and it’s affecting their retention levels.
So, what can you do to fix it?
Growth Opportunities
By providing more opportunities for growth, in both career development and salary, you’re more likely to hang on to the cyber security staff you need.
Employers are increasingly offering to pay for certification and maintenance fees. This can help your staff advance their knowledge and career, and also benefit your organisation – the more qualified your cyber security workers are, the better protected you will be against cyber threats. If you need some more advice on which types of qualifications your staff might be looking to gain, take a look at our article on the best certifications to help advance your career in cyber security.
If your staff are leaving because they can get a better salary, job title and career growth elsewhere, then strategies need to be put in place to create these opportunities within your own organisation. Having a more definitive career path, and regular appraisals about a professional’s journey along this, may stop them from seeking advancement with your peers or competitors instead.
Flexible Working
Since the pandemic, the importance of flexible working has been at the forefront of decisions about career moves. (ISC)² found that the average employee experience ratings of those working fully remote and with flexible work options are higher than those required to be on-site full time. If you don’t offer flexible working options, your competitors will, and you will lose your talent to them.
Introducing initiatives that support remote working, and more flexible working, should be a top priority. This will also contribute to the prevention of burnout in your cyber security workforce.
Offering a voice
Part of fostering a positive company culture is giving your employees a voice. We know that low ratings on employee experience are related to not being heard, listened to, or valued.
Some of the initiatives you could introduce include encouraging employee-centred leadership styles, reducing hierarchy, and prioritising making your staff feel psychologically safe, so they feel comfortable having open and honest discussions.
HR have a significant role to play in staff retention, aside from the departments and teams with which cyber security staff are directly involved. Creating group and individual channels for employee voice company-wide could help increase your retention rates. Some initiatives could include more training for management staff, introducing employee apps, holding focus groups, conducting staff surveys and having employee voice champions.
Employee Experience Initiatives
Alongside giving your employees a voice, there are other initiatives that will improve your company culture and employee experience.
Promoting Equality, Diversity and Inclusion should be a top priority. According to (ISC)², there is a generational divide within the cyber security workforce. The younger workforce are more concerned with E,D&I and emotional health compared to older generations, so strategies that address these issues could have a positive impact on your retention rates. Ensuring you address the cultural divide between the different age groups within your workforce could have very positive results.
Other initiatives, such as cultivating trust in leadership, encouraging autonomy in the workplace, and evaluating your hiring and on-boarding processes, are all good examples of how to improve the employee experience.
If you’re struggling to attract and retain talent, Focus on Security are here to help. Our Cyber Security Recruitment Specialists can give you advice on where to find the best talent, and how to keep hold of them. Get in touch today to start your consultation.
