'Cybersecurity experts are buckling under the pressure'

The number of cyber threats increased significantly last year. There are also too few experts available to fill the positions; more than half of the positions that need to be filled currently cannot be filled. As many as three-quarters of cybersecurity professionals suffer from burnout symptoms. What is it like to work in the world of cybersecurity in a landscape of increasing threats and pressure? We spoke with cybersecurity expert Patrick Jordens. He is the director of Trusted Third Party (TT3P), a Dutch company specializing in cybersecurity.

Why has the pressure on cyber experts increased so much?

“A large majority of cyber security experts are indeed succumbing to the high workload. This is due to several factors. First, the intensity of cyber-attacks has increased significantly in recent years. Corporate environments and government institutions in particular are being targeted a lot.

Another major problem is the shortage of qualified personnel. Security teams need people to carry out operational tasks, but they are hard to find. New laws and regulations, such as NIS2, increase the demand for cybersecurity experts, while too few professionals graduate from relevant courses.”

What can be done to reduce the pressure?

“An important point is that board members and other managers recognize that cybersecurity is an organizational problem and not just the responsibility of the ICT department or the Chief Information Security Officer (CISO). The CISO is responsible for the information security policy. In the event of cyber incidents, the ICT department or the security officer is often blamed, both for the cause and the solution. This is unjustified. Cybersecurity is a shared responsibility, and organizations must ensure that all employees are well-trained and aware. Creating a culture in which everyone takes cybersecurity seriously will ease the mental burden on the CISO.”

Can technology also help reduce the pressure on experts?

“Yes and no. AI, for example, can offer experts a helping hand. Think of AI solutions that support security officers in monitoring network traffic and detecting suspicious activity. At the same time, AI brings more work with it. When AI signals deviations in network traffic or analyzes access attempts, security teams have to decide what to do with it. An additional effect is that the workload is increased even more. Hackers are also increasingly applying AI and other technology, and the number of threats is increasing. The result: cybersecurity experts are getting even busier. So whether technology is going to help remains to be seen.”

So more bright minds are needed in the world of cybersecurity. What would you say to people who are considering entering the profession?

“This is a truly fantastic profession. You contribute directly to the digital security of a company and fulfill a role that cannot be filled by just anyone. It can be very satisfying to take on such an important role.

What many people don't realize is that cybersecurity is not just a technical issue. Of course, you need technical knowledge, but it is at least as important that you understand how organizations work and how you can get people on board with a security strategy. Cybersecurity is therefore really a people job. It is not just about setting up firewalls, but above all about advising, inspiring enthusiasm, and ensuring that everyone within an organization works more securely.”

Is your company ready for stringent cybersecurity requirements? The NIS2 is coming

In the Cracked by Jordens series, we look at cyber security for consumers and businesses in the Netherlands. Today: a stricter European regulation, the NIS2.

Read More