Companies that have low retention rates are more likely to get attacked. According to the State of the Cybersecurity Workforce study, many companies that have faced more attacks in the past year are understaffed. Retention is becoming more of a challenge. The report found that the number of respondents who are having issues retaining cybersecurity workers has gone up.
Organizations need a specific plan that focuses on cybersecurity retention. Workers in this industry have unique needs. Simply including them in a company-wide retention effort likely will not have lasting effects.
There are five ways to retain more workers.
Remote Work
Offer remote work as an option, even full-time if possible. Employees who prefer working remotely may begin to look for work at another company if forced back into the office. By offering permanent remote work, you also make it possible for employees to stay at your company if they must move. When you do have to fill a position, you have many more options. After all, your talent pool is now much larger than just in your local area.
Custom Career Paths
Create personalized career paths for cybersecurity workers. Employees are more likely to stay at a job if they feel in control of their careers. Often, people in this field don’t see progression right away, especially in a smaller department. Instead, they might see a higher-paying position with another employer and seize the chance. Many may not even realize that there is a clear path to CISO for a person with the right skills and strengths. By working with each employee to understand their goals, especially if they know whether they want to be a generalist or specialist, you can create a career path for them with goals. That helps your employee feel empowered to take charge of their future.
Promote From Within
Promote from within your ranks. Even with written career paths, employees pay the most attention to what they see really happening. When higher-level positions in cybersecurity fill with external hires, they may feel that there is not an upward path for them at your company. When you have an open position, start talking to other people currently in the industry who may be interested and invite them to apply.
Reduce or Prevent Burnout
Focus on preventing, or at least reducing, burnout. The Life and Times of Cybersecurity Professionals 2020 found that burnout was caused by many factors. Skills shortage, lack of career guidance, few leadership professions, job happiness and threat actors still maintaining the upper hand all contribute. Cybersecurity workers facing burnout often either quit the profession or move to another company in search of more balance. Employers can reduce burnout by making projects as easy as possible, providing post-event rest and encouraging leaders to jump in to help when the team is short-staffed.
Stop Harassment
Create a harassment-free workplace. Respect in Security found that a third of cybersecurity workers have had personal experiences with harassment online (32%) and in-person (35%). Businesses signing the Respect in Security corporate pledge show their commitment to ending harassment. Through training and education, you can reduce harassment and create a safe place for employees to work and collaborate. Businesses should also set up a hotline or digital channel for employees to anonymously report harassment without fear of backlash. When employees feel safe and supported at work, they are less likely to begin looking for another position.
The rate of attacks continues to increase and threat actors become even more sophisticated. So, retention is likely to remain a top concern in the future. By actively focusing on the specific needs of cybersecurity workers and creating an environment where they want to work, businesses can reduce their overall risk and vulnerability.
retention | Career | Cybersecurity | Cybersecurity Jobs