In spite of serious cybersecurity talent shortages, managements are overstretching security teams with tight timelines, and insufficient resources and support.

Some 93% of security professionals lacked the tools to detect known security threats, and 92% stated they were still in need of the appropriate preventative solutions to close current security gaps.

These statistics are based on a global survey of more than 300 security professionals and executives to understand the root causes of the stress under which security teams operate. In addition, 75% of the security professionals who responded in the study now experience more work stress than just two years ago.

According to James Carder, CSO and VP, LogRhythm Labs, the security information and event management firm that commissioned the survey: “Now, more than ever, security teams are being expected to do more with less, leading to increasing stress levels. With more organizations operating under remote-work conditions, the attack surface has broadened, making security at scale a critical concern. This is a call to action for executives to prioritize alleviating the stress and better support their teams with proper tools, processes, and strategic guidance.”

Team stress increases without executive leadership

When asked what causes the most work-related stress, the two most selected answers were “not having enough time” (41%) and “working with executives”(18%). In fact, 57% of respondents indicated that their security program lacked proper executive support—defined as providing strategic vision, buy-in and budget.

Furthermore, security professionals cited inadequate executive accountability for strategic security decision as the top reason (42%) they wanted to leave their job. This is an alarming statistic, given that nearly half of companies (47%) were trying to fill three or more security positions.

Said Joanne Wong, LogRhythm’s VP for International Markets: “As businesses across the world accelerate digital adoption to ensure operations continue to run seamlessly following the onset of COVID-19, the pressure on cybersecurity teams to perform are even higher than before. However, the outstanding challenge with the shortage of cybersecurity talents, where Asia Pacific faces a huge 2.6 million shortfall, means that there is an urgent need to help relieve the pressure from security professionals, in order for them to be more efficient and effective in their job.”

In addition to expanding the security team size, implementing smarter detection-focused tools could significantly help security professionals to improve analysis of network traffic and user-behavioral data and speed up threat detection and remediation, Wong said.

Insufficient, redundant security tools

Sixty-eight percent of respondents admitted their organization had deployed redundant security tools, and 56% confessed this overlap was accidental. This emphasizes the need for improved strategic oversight from executives. When asked what additional support their security programs required, 58% of respondents said they still needed increased funding for tools.

Consequently, the report highlights the growing value of IT consolidation. Security professionals rated the value of solution consolidation highly, citing top benefits as less maintenance (63%), faster issue detection (54%), identification (53%), and resolution (49%), as well as lower costs (46%) and improved security posture (45%).

Yet, only one in three companies (32%) had a real-time security dashboard that provides a clear, consolidated view of all their security solutions.

Top five ways to stress security teams less

When asked what would help alleviate their stress, the top five responses included: 

  • 44%: Increased security budget 
  • 42%: Experienced security team members 
  • 42%: Better cooperation from other IT teams 
  • 41%: Supportive executive team
  • 39%: Fully-staffed security team

According to LogRhythm Labs, “all employees, from the CEO to the frontline IT worker, need to feel that they play a significant role in maintaining the security of the company for which they work.”