Signs of a Toxic Cybersecurity Culture

According to VentureBeat, Inc. “The security industry may face a shortage of close to two million qualified personnel by 2022” and most of this is because “A large number of people are leaving the industry and not returning to it due to a lack of direction, burnout, and a toxic culture that can include discrimination or harassment.” That is very disconcerting as now, more than ever, cybersecurity threats are high and jobs in the field are in demand. Qualified professionals shouldn’t have to worry about toxicity at their job. We all know that discrimination or harassment in any workplace is reprehensible so it’s best to have it out in the open, to keep an honest flow of communication and to acknowledge that it exists so changes can be made.

Having a poor cybersecurity culture can be one of the most expensive mistakes a company is making, so here are some signs to look out for.

Signs of a Toxic Work Environment

Some signs of a toxic cybersecurity culture include constant blame, cynicism, and increasing vulnerability. If a threat to cybersecurity happens within a company and the first reaction is to immediately blame a certain employee, that’s extremely unproductive. Blame can be placed on an employee for any reason but, if it’s unfounded, it’s usually due to some sort of discrimination (whether the one placing blame realizes it or not). According to CSO “The average tenure of a CISO is less than three years, according to a 2019 survey of 408 CISOs by Nominet. Nearly a third of respondents (30%) say it’s less than two years.” This means that there’s a constant flux of new employees and that no one sticks around for very long. It may seem like an easy fix to pin blame on a scapegoat but it’s corrosive for any organization.

Cynicism can be a telling problem in the world of information technology and, according to Karen Worstell, CEO of W Risk Group and founder of MOJO Maker for Women in Tech, it’s pretty easy to spot. Of course, cybersecurity can be a source of high tension but that doesn’t mean that employees have to be overly distressed. If this happens, important details are likely to be overlooked and that can be detrimental. If a rise in breaches occurs, it may be that it’s happening within the company and that employees are the source of the problem. Of course, human errors are inevitable but an increasing internal vulnerability can be extremely dangerous as this puts an entire company’s security at risk.

How to Avoid Toxicity in the Workplace

According to Emily Mossberg, principal in Deloitte & Touche LLP, where she is the advisory and implementation services leader for Deloitte Cyber, “Security leaders need to be more open, more networked, and more transparent with the rest of the organization to create a proactive rather than reactive security culture.” Also, when combatting a toxic workplace, it’s important to take a positive perspective: if something seems extremely daunting, try to imagine how to solve the issue rather than dwelling on the intensity of the problem. It’s important for all members of a working team to focus on what they can influence, rather than what is beyond their control. Having a culture management plan can also be helpful along with a special interest in cybersecurity training. It’s important to remember that the cybersecurity department is the backbone of any big business so make sure that the work environment and culture are healthy and positive.

Consult the Cyber Talent Network for more information regarding all of your cybersecurity needs and concerns.

  • Share this post

Leave a Comment