The human factor will exert strong influence on security teams and business users alike
Security teams may contend with the departure of security experts, whereas business users could face the consequences of insufficient security awareness.
Workplace stress will lead a quarter of cybersecurity leaders to seek alternative career paths
According to Gartner, Inc., by 2025, nearly half of cybersecurity professionals will change jobs, with 25% seeking entirely different roles due to various work-related stress factors.
The high stress levels experienced by cybersecurity experts are primarily attributed to the constant defensive stance they must maintain to prevent cyberattacks. This stress has a direct impact on decision-making quality and overall performance, affecting both cybersecurity leaders and their teams.
Ultimately, burnout and voluntary attrition are consequences of an unhealthy organizational culture. While complete stress elimination is unrealistic, individuals can successfully manage demanding and stressful roles in workplaces that provide adequate support and a nurturing culture.
Human error emerges as the primary catalyst for security incidents, especially SaaS security incidents
Gartner forecasts that, by 2025, talent shortages or human error will be responsible for over 50% of major cybersecurity incidents. The escalating frequency of cyberattacks and social engineering schemes targeting individuals shows that malicious actors increasingly perceive people as a point of vulnerability.
A 2022 Gartner survey found that 69% of employees had circumvented their organization's cybersecurity directives in the past year, while 74% said they would be willing to disregard such guidelines if doing so contributed to their own or their team's business goals. In essence, friction that hinders employees and pushes them toward insecure practices plays a substantial role in generating insider risk.
In response to this escalating threat, enterprises will have implemented structured initiatives for managing insider risks. An effective insider risk management program should proactively identify behaviors that could lead to the compromise of company assets or to other detrimental actions, emphasizing corrective guidance rather than punitive measures. Chief Information Security Officers (CISOs) must increasingly factor insider risk into their cybersecurity strategies, recognizing that conventional cybersecurity tools often lack the visibility needed to detect internal threats.