The Challenge of Retaining Information Security Personnel
By Jeffery Squibb, Information Security Administrator/Infrastructure Lead, SoutheastHEALTH
In today’s digital era, information security personnel are highly sought-after professionals in the tech industry. Moreover, with the ever-increasing threat of cyber-attacks, the demand for skilled individuals to safeguard sensitive information has never been higher. However, this demand also means that retaining such personnel has become a significant challenge for organizations.
The cost of losing an information security professional can be significant. A recent report from Frost & Sullivan reveals that the average data breach cost in the United States is $7.91 million. A substantial part of this cost can is attributed to the loss of sensitive data and the damage to the organization’s reputation. Losing a skilled information security professional can make an organization vulnerable to these risks.
Organizations need to overcome several challenges when trying to retain information security personnel. These include:
- Job satisfaction: Many information security professionals feel undervalued, underpaid, and overworked. Feeling undervalued can lead to burnout and, ultimately, resignation. To combat this, organizations must create a positive work environment fostering a sense of community and providing ample professional growth opportunities.
- Challenging work: Information security professionals must feel that their work makes a difference and contributes to the organization’s success. Organizations can provide this by offering opportunities to work on cutting-edge projects, collaborate with other professionals, and participate in conferences and other industry events.
- Constantly evolving nature of the job: As a result, information security professionals must stay current on the latest technologies, threats, and best practices. Staying current requires ongoing training and development, which can be time-consuming and costly. Therefore, organizations must invest in their information security teams by providing access to training and development opportunities and the latest tools and technologies.
- Salary: Salary is also a significant factor in retaining information security personnel. According to a report by Cybersecurity Ventures, the demand for cybersecurity professionals is expected to result in a global shortage of 3.5 million unfilled positions by 2021. This shortage drives up salaries, making it difficult for some organizations to keep up. To remain competitive in the market, companies should offer competitive salaries and benefits packages that reflect the value of their information security teams.
- Roles and responsibilities: Organizations must provide their information security personnel with a clear understanding of their roles and responsibilities. This can help ensure that information security professionals are aligned with the organization’s goals and objectives. In addition, by providing information security personnel with a sense of purpose and direction, organizations can help increase job satisfaction and reduce turnover risk.
- Career development: Finally, organizations must provide information security professionals with clear career paths. Many professionals report feeling there needs to be more room for growth within their current organizations. Organizations must provide advancement and career development opportunities to retain top talent, including promotions, leadership roles, and specialized training.
Retaining information security personnel is a significant challenge for organizations. To combat this, organizations must focus on creating a positive work environment, providing ongoing training and development, offering competitive salaries and benefits packages, providing challenging and meaningful work, providing clear roles and responsibilities, and providing clear career paths for information security professionals.
By addressing these challenges, organizations can create a more attractive and supportive environment for information security professionals, which can help to improve retention rates.
In addition to the above, organizations can do a few other things to retain information security personnel. These include:
- Promoting a culture of open communication and feedback: Information security professionals need to feel that their input is valued and that they can communicate effectively with their colleagues and superiors.
- Providing opportunities for professional development: This can include attending conferences, taking online courses, or getting certified in new technologies.
- Creating a positive work-life balance: Information security professionals often work long hours, so it’s important to offer flexible work arrangements and encourage employees to take breaks and vacations.
- Recognizing and rewarding accomplishments: When information security professionals do a good job, it’s essential to let them know. Show them through public recognition, bonuses, or other forms of compensation.
By taking these steps, organizations can create a more attractive and supportive environment for information security professionals, which can help to improve retention rates.
Here are some specific examples of how organizations can implement the above strategies:
- Promoting a culture of open communication and feedback: One way to do this is to create an anonymous feedback system where information security professionals can share their thoughts and concerns without fear of retaliation. Organizations can also hold regular meetings with information security professionals to discuss their work and get feedback on improving the organization’s security posture.
- Providing opportunities for professional development: Organizations can provide information security professionals with access to training and development opportunities, such as conferences, online courses, and certification programs. They can also encourage information security professionals to attend industry events and network with other professionals in the field.
- Creating a positive work-life balance: Organizations can offer flexible work arrangements, such as telecommuting or flextime.
Retaining information security personnel is a significant challenge for organizations. To combat this, organizations must focus on creating a positive work environment, providing ongoing training and development, offering competitive salaries and benefits packages, providing challenging and meaningful work, providing clear roles and responsibilities, and providing clear career paths for information security professionals. By doing so, organizations can foster a sense of loyalty among their information security teams and reduce the risk of losing valuable employees to competitors.