Retention & Wellbeing

What the research says about keeping cybersecurity professionals in the industry, and practical strategies for navigating common challenges.


Job Satisfaction Trend

Job satisfaction in cybersecurity dropped sharply in 2023 following increased workloads, budget cuts, and the post-pandemic adjustment period. The trend is recovering but remains below 2022 levels. The data tells a clear story: the industry needs to do better at supporting its people.

| Year | Satisfaction (%) | Context |
|------|------------------|---------|
| 2021 | 72% | Post-pandemic demand surge |
| 2022 | 74% | Peak satisfaction, strong hiring |
| 2023 | 64% | Sharp decline, budget pressures |
| 2024 | 66% | Slight recovery |
| 2025 | 68% | Continued improvement |

Source: ISC2 Cybersecurity Workforce Studies 2021-2025


Retention Outlook

Current data paints a mixed picture:

  • 75% of professionals are likely to stay at their current organisation over the next 12 months (ISC2 Workforce Study 2024)
  • But only 66% are likely to stay over the next 2 years, indicating longer-term uncertainty (ISC2 Workforce Study 2024)
  • 75% of professionals are open to job changes, primarily due to work-life balance and compensation (Sophos APJ 2025)

Why People Leave

Burnout and Stress

63% of cybersecurity professionals report experiencing burnout (ISC2 Workforce Study 2024). The always-on nature of security work, combined with increasing threat volumes, creates unsustainable pressure. 48% feel exhausted trying to stay current with threats, 47% feel overwhelmed by workload expectations, and 81% report higher workloads over the past year (Sophos APJ 2025).

Practical Strategies

  • Set clear on-call boundaries and enforce them
  • Take leave proactively, not reactively
  • Automate repetitive tasks to reduce manual load
  • Communicate workload honestly to management
  • Recognise the signs of burnout early: cynicism, detachment, reduced effectiveness

Limited Career Growth

48% cite limited promotion or development opportunities as a reason for leaving (ISC2 Workforce Study 2024). Many organisations lack structured career pathways for security staff. Career advancement is perceived as "capped" in organisations that don't invest in progression frameworks.

Practical Strategies

  • Seek organisations with defined career frameworks
  • Negotiate professional development budgets upfront
  • Consider lateral moves to broaden skills and open new paths
  • Build a portfolio of achievements for review cycles
  • Use frameworks like NICE to articulate your skills and target roles

Compensation

54% report poor financial incentives driving job changes (ISC2 Workforce Study 2024). The market is competitive and organisations that underpay lose talent quickly. The demand-supply gap means skilled professionals have significant bargaining power.

Practical Strategies

  • Benchmark your salary annually using industry surveys
  • Be willing to negotiate or move if significantly underpaid
  • Factor in total compensation: super, training budgets, flexibility, leave
  • Specialise in high-demand areas (cloud security, AI security) to increase leverage
  • Consider contracting for higher rates if stability is less of a concern

Poor Leadership

45% of departures cite poor management culture as a primary factor (ISC2 Workforce Study 2024). Security teams need leaders who understand the domain, advocate for resources, and support their people. Feeling unappreciated is a significant driver of resignations.

Practical Strategies

  • Evaluate management quality during the interview process
  • Seek mentors outside your direct reporting chain
  • If you're leading: invest in management training, not just technical skills
  • Build relationships across departments to create visibility
  • Document and communicate your team's value to the organisation

Work-Life Balance

68% report their job is taxing on work-life balance (Sophos APJ 2025). Incident response, on-call rotations, and the pressure of protecting the organisation take a toll. Nearly 75% of professionals are open to job changes due to balance issues (ISC2 Workforce Study 2024).

Practical Strategies

  • Negotiate flexible working arrangements upfront
  • Set boundaries around after-hours work and communicate them
  • Choose roles with shared on-call models rather than solo coverage
  • Prioritise roles with adequate team size to share the load
  • Recognise that sustainable careers require sustainable work patterns

Understaffing

54% of Australian cybersecurity teams are understaffed, with 58% reporting unfilled positions (ISC2 Workforce Study 2024). This compounds stress and burnout as remaining staff absorb additional workload. 70% of understaffed organisations struggle with retention, creating a vicious cycle.

Practical Strategies

  • Factor team size into job decisions during interviews
  • Advocate for additional headcount using data and risk metrics
  • Automate where possible to reduce manual load
  • Consider consultancies which manage project-based workloads
  • If your team is chronically understaffed and leadership won't act, it may be time to move

Building a Sustainable Career

Cybersecurity careers are marathons, not sprints. The research consistently points to the same principles for longevity:

For individuals:

  • Invest in soft skills (communication, critical thinking) as much as technical skills
  • Build a professional network through AISA, local meetups, and conferences
  • Set career goals beyond the next role: think 5-10 years ahead
  • Prioritise organisations that invest in their people
  • Don't let urgency culture normalise unsustainable work patterns

For organisations:

  • Define clear career progression pathways for security staff
  • Invest in professional development and certification support
  • Implement sustainable on-call and incident response models
  • Recognise and reward security contributions
  • Address understaffing proactively rather than burning out existing staff

Sources