The Great Resignation Reaches the Cybersecurity Industry, According to Deep Instinct Report
June 2, 2022
- Latest edition of annual Voice of SecOps survey discovered increased and unsustainable stress levels. 45% of respondents admit that they have considered quitting the industry
- Ransomware is the biggest stress factor with more than one-third (38%) of respondents making a ransom payment and 84% experiencing continued disruption after payment
NEW YORK, NY, June 2, 2022 – Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today released the third edition of its annual Voice of SecOps Report. The study focused on the increasing and unsustainable stress levels among 1,000 C-suite and senior cybersecurity professionals across all industries and roles. The research found that 45% of respondents have considering quitting the industry due to stress, with the primary issues being an unrelenting threat from ransomware and the expectations to always be on call or available.
The research reinforced that paying a ransom remains a hotly debated topic. More than one-third (38%) of respondents admitted to paying a ransom, with 46% claiming their data was still exposed by the hackers; and 44% could not restore all their data even after a ransom was paid.
The Great Cybersecurity Resignation
The job of defending against increasingly advanced threats on a daily and hourly basis is causing more problems than ever as nearly half of respondents (46%) felt their stress had measurably increased over the last 12 months. This was especially the case for those working within critical infrastructure. These increased stress levels have led cybersecurity professionals to consider leaving the industry altogether, joining in the “Great Resignation,” rather than moving to a new cybersecurity role at a new employer.
- 45% admit to considering quitting the industry on at least one or two occasions
- 46% know at least one person who left cybersecurity altogether in the past year due to stress
Who’s Stressed and Why?
Stress is not only felt by SOC teams and others on the cyber frontlines but also among those in the C-Suite who are making the difficult decisions on how to use their available resources more efficiently.
|Top three factors contributing to CISO stress levels||Top three factors contributing to stress levels of senior cybersecurity professionals|
Biggest Stress Culprit: Ransomware
Nearly half (45%) of respondents said that ransomware was the biggest concern of their company’s C-Suite. The survey found that more than one-third (38%) of respondents admitted to paying up in order to receive the encryption key primarily to avoid downtime (61%) or bad publicity (53%). However, paying the ransom did not guarantee a resolution post-attack in many cases.
Of those reporting that a payment was made:
- 46% claimed to still have their data exposed by the hackers
- 44% couldn’t restore all their data
- Only 16% claimed to have no further issues to date
In response to these issues with ransomware payment, 73% of respondents claimed they would not pay a ransom in the future.
Among those who claimed they would still pay a ransomware demand in the future, widespread fear remained that they would be trouble-free in the future.
The fear of paying a ransom in the future included the following:
- 75% do not expect to have all their data restored
- 54% fear the criminals will still make the exfiltration of data public knowledge; and
- 52% fear the attackers will have installed a back door and will return
“Considering that the constant waves of cyber-attacks are likely to become more common and evasive as we move forward, it’s of the utmost importance to ensure that those who dedicate their careers and lives to defending our businesses and country don’t become overly stressed and give up,” said Guy Caspi, CEO & Co-Founder of Deep Instinct. “By adopting and utilizing new defensive techniques, like artificial intelligence and deep learning, we can help the cybersecurity community mitigate one of the most important issues that is often overlooked by many: the people behind the keyboard.”
Is AI the New “Stress Ball”
There is growing acknowledgement that artificial intelligence (AI)-enabled tools are highly effective in combatting sophisticated attacks such as ransomware. AI is recognized as having the potential to reduce critical productivity challenges like reducing false positives that will allow teams to focus their time and resources on more critical cyber defense issues.
- 53% agree that “they need greater automation through AI/ML to improve security operations”
- 82% would rather depend on AI than humans to hunt threats
- Only 6% claim they “don’t trust AI”
More than a quarter (27%) of respondents claimed their false positive rate has increased over the past year and another quarter (26%) admitted to turning off alerts altogether because they’re overwhelmed and don’t have the time to pay attention to them – leaving their organization with critical security vulnerabilities. Developing a better balance between “assume breach” and prevention to reduce false positives was cited by 47% of the respondents to improve their overall security posture.
This third edition of Deep Instinct’s Voice of SecOps survey and accompanying report follows the second version from October 2021 and the inaugural version from June 2021. To access all of the full reports, learn more about their key findings, and view the complete survey methodologies, please visit here.
Deep Instinct’s report analyzed feedback from 1,000 C-suite and senior cybersecurity professionals in North America, the UK, France, and Germany. These professionals work for businesses with more than 1,000 employees and revenue north of $500M annually. Respondents were found in seven core verticals: financial services, retail & ecommerce, healthcare, manufacturing, public sector, critical infrastructure, and technology.
About Deep Instinct
Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using the world’s first and only purpose-built, deep learning cybersecurity framework. We predict and prevent known, unknown, and zero-day threats in <20 milliseconds, 750X faster than the fastest ransomware can encrypt. Deep Instinct has >99% zero-day accuracy and promises a <0.1% false positive rate. The Deep Instinct Prevention Platform is an essential addition to every security stack—providing complete, multi-layered protection against threats across hybrid environments. For more, visit www.deepinstinct.com.
Merritt Group for Deep Instinct
Suzanne van de Raadt
Director, Public Relations