Cybersecurity people generally prefer not to work on operational activities like firewall policy changes or analysis, so where that is the situation, it may be one of the reasons for turnover. What about the cost of that turnover?
There are several studies and reports that have looked into the costs of employee turnover in cybersecurity roles. While there is no one-size-fits-all answer, the general consensus is that turnover in cybersecurity can be costly for organizations, especially if they lose experienced and skilled employees.
According to a report by (ISC)², a global non-profit organization that specializes in cybersecurity education and certification, organizations can spend an average of $145,000 to replace a cybersecurity professional. This includes recruitment costs, training expenses, and lost productivity during the transition period.
Another study by the Ponemon Institute estimates that the cost of employee turnover in cybersecurity can be as high as $3.5 million per year for large organizations. This figure takes into account the direct costs of recruiting, hiring, and training new employees, as well as the indirect costs of lost productivity and reduced morale among remaining staff.
The Society for Human Resource Management (SHRM) has also conducted studies on the cost of employee turnover, including in the cybersecurity field. According to SHRM’s 2019 Human Capital Benchmarking Report, the average cost per hire for a cybersecurity professional was $11,514, which includes recruitment costs such as advertising, sourcing, and screening candidates, as well as the time spent by HR and hiring managers to fill the role.
Additionally, SHRM’s 2019 Employee Benefits Report found that offering competitive salaries and benefits is a key factor in retaining employees, including those in the cybersecurity field. The report notes that organizations that provide above-average benefits, such as healthcare and retirement plans, are more likely to retain their employees than those that provide below-average benefits.
According to another study by the Society for Human Resource Management, across all roles and not only cybersecurity, the average cost of turnover can range anywhere from 30-50% of an employee’s annual salary. For example, if an employee earns $50,000 per year, the cost of turnover could be anywhere from $15,000 to $25,000.
It’s important to note that the cost of turnover includes both direct and indirect costs, such as the cost of recruiting and training a replacement, lost productivity, and the impact on morale for remaining employees. Some estimates put the direct cost of replacing an employee at 1.5 to 2 times their annual salary, with indirect costs adding another 50-70% of their annual salary.
Turnover in cybersecurity roles can also have other implications for an organization’s security posture. For example, when experienced staff leave, they take their knowledge and expertise with them, which can result in a loss of institutional memory and potentially leave the organization vulnerable to cyber-attacks.
Overall, the cost of turnover for cybersecurity engineers can be significant, and organizations should take steps to retain their skilled employees, such as offering competitive salaries, professional development opportunities, and a positive work environment, and certainly eliminating operational activities from their daily routines.