Technological innovation is moving at the speed of life. We live in a world infused with artificially intelligent sensors that cross biological, physical and digital boundaries. Not surprisingly, cybersecurity and GRC workforces are struggling to keep pace. The people, processes and technologies that make our new world go round require a very different approach toward protection and defense. The problems we have are primitive, systemic and require transformative thinking and approaches. To design and build the cybersecurity workforces of the future, we must have a clear understanding of our current state, which includes an analysis of our emotional state – a deeper dive into our humanity.
Several organizations have analyzed the current state of our cyber workforce over the past year. Diving into that data uncovers some uncomfortable truths. The most important takeaway is that iteratively improving the existing workforce is not sufficient.
ISACA’s State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations Report gives much insight into our collective consciousness. The study asked respondents to identify the top five most important soft skills security professionals need today. The top two skills were communication (57%) and critical thinking (56%). There were also some disconcerting revelations. According to the report, the bottom two soft skills valued in the cybersecurity industry were empathy (13%) and honesty (16%). Plainly stated, we value communication and critical thinking, but we do not think empathy and honesty are important.
The fact that we as cybersecurity professionals think that it is not necessary to be empathetic is frankly the most significant aha moment that any recent survey has invoked. It explains many of the systemic problems we are seeing and experiencing in the industry today.
So, what exactly is empathy? The dictionary defines it as the capacity to understand or feel what another person is experiencing – the ability to figuratively step into another’s shoes to view the situation at hand.
As to why empathy is so important in cybersecurity, we need to view it from a leadership and cultural perspective. To further dive into this, we looked at Businessolver’s 2021 State of Workplace Empathy study. That research unearthed several key findings, all of which pointed to this fact: leaders are struggling to reconcile empathy gaps with employees.
Significant findings of the Businessolver study include:
Another study, The Ernst & Young 2021 Empathy in Business Survey, tells us there is a danger in underestimating the importance of empathy.
Here are some of their findings:
“The Great Resignation continues to significantly impact our global workforce”