One year ago, a Texas A&M educator predicted a trend that now taxes nearly every third party risk management program, whether they know it or not. “The great resignation is coming,” Texas A&M Associate Professor of Management Anthony Klotz warned Bloomberg BusinessWeek last May. “When there’s uncertainty, people tend to stay put, so there are pent-up resignations that didn’t happen over the past year.”
Since then, the exit flood gates have opened across nearly every industry and in most areas of the organization, including IT, cybersecurity, internal audit, and risk management groups. These departures have forced many teams to reconfigure job roles and responsibilities.
During a recent meeting of the Forbes Technology Council he serves on, Shared Assessments Vice President Tom Garrubba learned from technology and human resources experts that recruiters are offering salary increases of 50-70% to lure IT experts away from their current employers. Many organizations are handing their tech professionals double-digit salary increases to try to keep them in the fold.
Third party risk management (TPRM) teams face the twofold challenge of recruiting and retaining sufficient staff in a tight-as-drum labor market while responding to new risks that can arise due to staffing shortages among key vendors. Addressing both issues requires an understanding of the magnitude and nature of the talent crunch along with a consideration of actions that can reduce the negative impacts of skills shortages.
Cybersecurity teams have been especially hard hit: 94% of security teams have been affected by the labor shortage, and 84% of those groups have lost at least one member of their team in the past six months, according to Cobalt’s State of Pentesting 2022 survey report. The results also suggest that talent management challenges have troubling implications on security programs:
Skills shortages in cybersecurity teams, development teams, and related IT and risk management groups also have knock-on effects. When technology and risk professionals are lured to another organization, their former colleagues often take on additional responsibilities until a replacement can be hired and onboarded. Nine out of 10 of the more than 600 security and development professionals surveyed by Cobalt report that they are having difficulty fulfilling their assigned responsibilities and work due to resource shortages. Combine this struggle with the burden of keeping pace with ever-changing security threats, and it’s no surprise that burnout is a major risk.
“Leadership should take a hard look at what is causing burnout and disillusionment, take stock of their go-to-market priorities versus their teams’ capacity, and consider the daily interactions they have with their colleagues,” the Cobalt report concludes.
“Leadership should take a hard look at what is causing burnout and disillusionment, take stock of their go-to-market priorities versus their teams’ capacity, and consider the daily interactions they have with their colleagues,” the Cobalt report concludes.
There are other actions and approaches that can help TPRM leaders address talent shortages in their domains, including:
The availability of advanced technologies also can deliver recruiting and retention advantages, given that high-performing technology, security, and risk professionals are hungry to expand their skills to advance their careers. While the talent crunch is likely to linger, risk managers don’t need to resign themselves to the trend’s negative implications.