Nearly half of chief information security officers (CISOs) will change jobs by 2025 globally and 25 per cent will quit due to multiple work-related stress, according to a Gartner report.

The cybersecurity personnel are facing acute stress as nation-state bad actors continue to infiltrate government and enterprise systems with sophisticated malware.

“Cybersecurity professionals are facing unsustainable levels of stress. CISOs are on the defence, with the only possible outcomes that they don’t get hacked or they do,” said Deepti Gopal, Director Analyst, Gartner.

The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams, she added.

The report predicted that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. The number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation.

Given these dynamics as well as the massive market opportunities for cybersecurity professionals, talent churn poses a significant threat for security teams.

“Burnout and voluntary attrition are outcomes of poor organisational culture,” said Gopal.

While eliminating stress is an unrealistic goal, people can manage incredibly challenging and stressful jobs in cultures where they’re supported. To confront the rising threat, half of medium to large enterprises will adopt formal programmes to manage insider risk by 2025, up from 10 per cent as of now.

A focused insider risk management programme should proactively and predictively identify behaviours that may result in the potential exfiltration of corporate assets or other damaging actions and provide corrective guidance, not punishment, said the report.