Technological innovation is moving at the speed of life. We live in a world infused with artificially intelligent sensors that cross biological, physical and digital boundaries. Not surprisingly, cybersecurity and GRC workforces are struggling to keep pace. The people, processes and technologies that make our new world go round require a very different approach toward protection and defense. The problems we have are primitive, systemic and require transformative thinking and approaches. To design and build the cybersecurity workforces of the future, we must have a clear understanding of our current state, which includes an analysis of our emotional state – a deeper dive into our humanity.
Several organizations have analyzed the current state of our cyber workforce over the past year. Diving into that data uncovers some uncomfortable truths. The most important takeaway is that iteratively improving the existing workforce is not sufficient.
ISACA’s State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations Report gives much insight into our collective consciousness. The study asked respondents to identify the top five most important soft skills security professionals need today. The top two skills were communication (57%) and critical thinking (56%). There were also some disconcerting revelations. According to the report, the bottom two soft skills valued in the cybersecurity industry were empathy (13%) and honesty (16%). Plainly stated, we value communication and critical thinking, but we do not think empathy and honesty are important.
The fact that we as cybersecurity professionals think that it is not necessary to be empathetic is frankly the most significant aha moment that any recent survey has invoked. It explains many of the systemic problems we are seeing and experiencing in the industry today.
So, what exactly is empathy? The dictionary defines it as the capacity to understand or feel what another person is experiencing – the ability to figuratively step into another’s shoes to view the situation at hand.
As to why empathy is so important in cybersecurity, we need to view it from a leadership and cultural perspective. To further dive into this, we looked at Businessolver’s 2021 State of Workplace Empathy study. That research unearthed several key findings, all of which pointed to this fact: leaders are struggling to reconcile empathy gaps with employees.
Significant findings of the Businessolver study include:
- 68% of CEOs say they fear they will be less respected if they show empathy in the workplace. This is up an astonishing 31 points from 2020!
- 50% of CEOs believe empathy in their organizations is sufficient, dropping 22 points from 2020.
- 50% of CEOs believe empathy drives employee motivation.
- Only 25% of employees believe empathy in their organizations is sufficient.
Another study, The Ernst & Young 2021 Empathy in Business Survey, tells us there is a danger in underestimating the importance of empathy.
Here are some of their findings:
- 87% of workers feel that mutual empathy between them and their leaders increases their efficiency.
- 87% report it boosts creativity.
- 86% believe it enhances innovation.
- 81% think it increases company revenue.
“The Great Resignation continues to significantly impact our global workforce”
- 79% agree empathetic leadership decreases employee turnover.
- 90% of US workers believe empathetic leadership leads to higher job satisfaction.
- 88% of US workers feel empathetic leadership generates loyalty among staff toward their bosses.
- 85% of US workers think empathetic leadership boosts worker productivity.
- 13% Social engineering. It remains the predominant cyber-attack method.
- 12% Advanced persistent threat (APT).
- 10% Misconfiguration.
- 10% Ransomware.
- The #1 pattern in breaches involves a social engineering component.
- 43% of breaches involved phishing and pretexting.
- 85% of breaches involve a human element, with credentials being one of the most sought-after data types.