Freely subscribe to our NEWSLETTER

Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today released the UK findings for the third edition of its annual Voice of SecOps Report. The study focused on the increasing and unsustainable stress levels among 200 C-suite and senior cybersecurity professionals in the UK across all industries and roles. The research found that 49% of UK respondents have considering quitting the industry due to stress, with the primary issues being an unrelenting threat from ransomware and the fear of the next supply chain attack.

The job of defending against increasingly advanced threats on a daily and hourly basis is causing more problems than ever as nearly half of respondents (46%) felt their stress had measurably increased over the last 12 months. These increased stress levels have led cybersecurity professionals to consider leaving the industry altogether, joining in the “Great Resignation,” rather than moving to a new cybersecurity role at a new employer.

– 49% admit to considering quitting the industry on at least one or two occasions

– Half of respondents (50%) know at least one person who left cybersecurity altogether in the past year due to stress

– 51% of those experiencing stress believe that this pressure has inhibited their ability to do their job and make decisions

Who’s Stressed and Why?

Stress is not only felt by SOC teams and others on the cyber frontlines but also among those in the C-Suite who are making the difficult decisions on how to use their available resources more efficiently.

Top three factors contributing to CISO stress levels :

– Ransomware threats (51%)

– Fear of the next supply chain attack (49%)

– Digital transformation impacting security posture (47%)

Top three factors contributing to stress levels of senior cybersecurity professionals :

– Threat of ransomware attacks (48%)

– Insufficient SecOps staff to do the role properly (42%)

– Overwhelmed by false positives (39%)

Biggest Stress Culprit: Ransomware

Nearly half (44%) of respondents said that ransomware was the biggest concern of their company’s C-Suite with the research reinforcing that paying a ransom remains a hotly debated topic. Almost one-third (31%) of respondents admitted to paying a ransom, with 44% claiming their data was still exposed by the hackers; and 38% could not restore all their data even after a ransom was paid.

For those respondents that admitted to paying up in order to receive the encryption key, they did so primarily to avoid downtime (73%) or bad publicity (45%). However, paying the ransom did not guarantee a resolution post-attack in many cases.

In response to these issues with ransomware payment, 75% of respondents claimed they would not pay a ransom in the future. Among those who claimed they would still pay a ransomware demand in the future, widespread fear remained that they would be trouble-free in the future.

The fear of paying a ransom in the future included the following:

– 93% do not expect to have all their data restored

– 65% fear the criminals will still make the exfiltration of data public knowledge; and

– 48% fear the attackers will have installed a back door and will return

“Considering that the constant waves of cyber-attacks are likely to become more common and evasive as we move forward, it’s of the utmost importance to ensure that those who dedicate their careers and lives to defending our businesses and country don’t become overly stressed and give up,” said Guy Caspi, CEO & Co-Founder of Deep Instinct. “By adopting and utilising new defensive techniques, like artificial intelligence and deep learning, we can help the cybersecurity community mitigate one of the most important issues that is often overlooked by many: the people behind the keyboard.”

Is AI the New “Stress Ball”?

There is growing acknowledgement that artificial intelligence (AI)-enabled tools are highly effective in combatting sophisticated attacks such as ransomware. AI is recognised as having the potential to reduce critical productivity challenges like reducing false positives that will allow teams to focus their time and resources on more critical cyber defense issues.

– 47% agree that “they need greater automation through AI/ML to improve security operations”

– 79% would rather depend on AI than humans to hunt threats

– Only 4% claim they “don’t trust AI”

False positive alerts continue to plague SecOps professionals, with 85% of respondents spending, on average, nine hours a week dealing with alerts caused by false positives. More than three quarters (78%) of respondents claimed their false positive rate has increased over the past year and another quarter (24%) admitted to turning off the ‘too noisy’ alerts altogether because they’re overwhelmed and don’t have the time to pay attention to them – leaving their organisation with critical security vulnerabilities. Developing a better balance between “assume breach” and prevention to reduce false positives was cited by 40% of the respondents to improve their overall security posture.