Security staff in the IT departments are under pressure and frustration. This often-expressed assumption has been confirmed by a survey by Sophos. However, not to the same extent everywhere – the size of the company often makes the difference. On average, 75 percent of employees in IT teams are constantly or occasionally frustrated. The main reasons for this are the ever-new cyber threats as well as their increasing complexity and sophistication and pressure from management.
(Bild: Shutterstock / Gorodenkoff)
The constant increase in cyber threats not only puts a strain on budgets, work processes and reputation, but also affects the morale of staff. What does the ever-growing threat of cyber threats mean for the everyday work of IT teams? A current Sophos survey provides information.
According to the Sophos survey, 24.3 percent are persistently frustrated with their cyber defense tasks. For companies with up to 1,000 employees, the value varies only minimally; in companies with over 1,000 employees, the burden appears to be slightly lower at 17.9 percent. This is confirmed by the fact that 33.3 percent of IT employees in large companies say they are not frustrated at all.
In contrast, only 16.7 percent of IT managers in small companies with up to 50 employees say they do not feel any frustration – the “frustration-free” average across all company sizes is 25.7 percent. Half of all IT security employees at 50 percent confirm that they are occasionally frustrated in the area of cybersecurity, meaning that a total of three quarters of all those surveyed struggle with symptoms of fatigue in a duel with cybercriminals.
The biggest stress factors
On average, the greatest burden (45.3 percent) for IT security staff across the industry comes from the general increase in cyber threats. Here, too, there is a large discrepancy in terms of company size. While only 36 percent of companies with up to 49 employees emphasize this point, it is undisputedly in first place for companies with over 1,000 employees.
In second place, at 40.7 percent, increased pressure from company management is causing stress across all industries. In companies with up to 49 employees and those with 250-999 employees, “pressure from above” is the number one reason for frustration at 44 and 46.9 percent respectively. At 23.1 percent, corporate employees feel significantly less burdened when it comes to the boss question.
Other reasons for IT fatigue include monotony and routine (30.7 percent on average), difficult tracking of cyberattacks due to different security solutions (24.7 percent), overload due to constant alarms and warnings from cybersecurity tools (19.3 percent) and employees’ lack of knowledge about cyber threats and inappropriate behavior (18.7 percent).
Companies are reacting to the situation
But there is also a positive development: The majority (49.3 percent) of the IT security employees surveyed went on the offensive, raised existing problems with superiors and then found ways to solve them in whole or in part. However, this approach was much less likely to be successful in companies with 1,000 or more employees; here only 26.9 percent said they had had positive experiences. In first place for this size of company, 38.5 percent say that a notification has not yet been made but is planned. What was negatively noticeable was that one in four respondents across all company sizes found that nothing changed despite informing their superiors.
“The results clearly show that there is an urgent need for action in the vast majority of IT departments when it comes to cybersecurity,” said Michael Veit, cybersecurity expert at Sophos. “Unfortunately, the increasing level of frustration is counteracted by very tangible problems such as the lack of skilled workers, inhomogeneous IT systems or a lack of budgets. While a dedicated IT security strategy is often the norm for larger companies, this is often missing or only implemented half-heartedly for SMEs. The result is enormous stress, which the current survey has now made clear once again. As a solution to the problems mentioned and thus also a reduction in the frustration factor among employees, modern security-as-a-service solutions are available, with which companies of all sizes can quickly and easily bring a team of cybersecurity experts on board to relieve the burden on your own IT department.”
The survey was carried out by techconsult on behalf of Sophos in August and September 2024 among 202 IT employees from industry, trade, banks and insurance, public administration, telecommunications, services and utilities in small, medium and large German companies.
