Survey Shows 49% of Cybersecurity Professionals Plan to Quit Within a Year, Raising TPRM Concerns
What Happened – A new Harvey Nash Global Tech Talent & Salary Report surveyed 3,646 tech workers worldwide and found that 49% of cybersecurity specialists intend to change jobs in the next 12 months. Only 29% say they received extra compensation for the heightened workload, and 19% reported a major security breach at their organization in the past two years.
Why It Matters for TPRM –
- High turnover erodes institutional knowledge, increasing the likelihood of misconfigurations and delayed incident response.
- Staffing shortages can force third‑party vendors to rely on over‑extended teams, raising the probability of service disruption.
- Inadequate compensation signals a misaligned risk‑to‑reward model that boards may overlook, leaving critical security controls under‑resourced.
Who Is Affected – All sectors that depend on external security services or managed security providers, especially financial services, healthcare, SaaS, and cloud‑infrastructure firms.
Recommended Actions –
- Review contracts with MSSPs, MSPs, and cloud‑hosting partners for staffing‑stability clauses.
- Validate that vendors maintain documented succession and knowledge‑transfer processes.
- Incorporate employee‑satisfaction metrics into third‑party risk scorecards.
- Engage in board‑level discussions on security staffing budgets and retention incentives.
Technical Notes – The issue is not a technical vulnerability but a human‑resource risk. No CVEs or malware are involved. The primary data points are survey‑derived attrition rates, compensation gaps, and self‑reported breach incidence.
Source: ZDNet – Nearly half of cybersecurity pros want to quit – here's why