Watch for discontent in the shadows

When it comes to IRM, CISOs focus predominantly on technologies: user entity behavior analytics (UEBA), security information and event management (SIEM), data loss prevention, and the like. There isn’t as much emphasis on stepping outside the view of their colleagues as streams of user data, to instead see them as people with complex lives and various pressures placed upon them.

But discontent can brew in dark places, some of which may manifest into a risk and then morph into a threat. If CISOs pay no attention to the human side of the equation, they are exposing their organizations to risks that might otherwise be avoided with a little work.

CISOs themselves are no strangers to discontent. Indeed, a 2024 IANS/Artico report highlighted that three of four CISOs are ready to exit their current role. No bones about it, the cybersecurity field is tough and can take a toll on people. If that’s not a signal to pay more attention to people throughout the organization, I don’t know what is. A good leader should know that if they’re stressed and struggling, their teams are most likely in the same boat.

Lack of feedback can lead to dissatisfaction

The Pew report, which followed the years cataloged as the “great resignation,” breaks down employee satisfaction along a variety of vectors. No surprise, lower levels of satisfaction surround compensation, benefits, opportunity for promotion, training/development, and feedback on performance.

Higher scores came in with respect to day-to-day tasks, colleagues, and relationships with supervisors or managers. Where the Pew data diverges is along generational divides, with those who are my age, 65-plus, tending to be more satisfied (we are on the right side of the ground after all) than those in the 30-49 bracket.

Sadly, over 55% of respondents say they don’t have someone at work whom they consider a mentor. And 28% are of the opinion that their employer doesn’t really care much about them at all.