NCSS 2023

25-27 APRIL 2023



How to tackle the staff retention issue in Cyber Security

Trident Search Stand: 3/C12

Within the cyber security sector, people tend to move between roles fairly frequently. For employees this offers continuous exposure to new challenges, but for an employer losing staff is a costly, time-intensive and culturally disruptive exercise.

As a cyber security specialist recruiter, Trident Search is uniquely positioned with a holistic view of the industry and can offer deep insight into why this market is so kinetic and what employers can do to improve retention rates.

Disclaimer: there is no silver bullet solution that will see an organisation retain all its best employees, but if an environment is cultivated that offers continuous opportunity for growth and new challenges then that’s a job well done.

“A total of 4 in 10 cyber firms expect at least 1 member of staff in a cyber role to leave within the next 12 months.”

“The vast majority (74%) of this group of firms are confident that they will replace the skills lost when these staff leave. However, the remaining 23% are not confident.”

When speaking to candidates the most frequent responses to the question ‘why are you looking to move?’ are:

- Career progression

- Compensation

- Burnout

- Cultural fit

Beyond these popular answers there are additional reasons for leaving outside a candidate’s control, such as lack of stability, a change of office location or perhaps other personal reasons. However, let’s focus on the most common responses for now, around which Trident can offer industry-specific advice to improve on employee retention within the cyber security industry.

Career progression

Career progression is the most common reason we see cyber professionals looking to move jobs. Delving deeper, some of the more specific restrictions employees come up against include:

Glass ceiling effect: A phenomenon preventing well-qualified and experienced individuals from career progression due to factors outside of their control.

Lack of L&D: Cyber professionals are passionate and hungry to continuously learn as technology is always advancing in this sector. Providing little to no technical training or support to gain certifications is a growing problem amongst organisations.

Trident Advice:

  • Organisations need to foster an environment of transparency with their employees that encourages honest conversations around progression and promotions. Open discussions will allow both parties to understand better what each side needs and the other can deliver, ensuring realistic expectations are set.
  • Lack of technical training is inexcusable; employers simply need to make time to invest in their employees. “We were too busy” or “lack of resources” are not acceptable answers if companies wish to improve retention.


Compensation

This can be an awkward one to tackle. If someone is looking to move on solely for money, then you must ask the question ‘are they the kind of person that I want in my team/organisation?’.

However, there is a vast difference between being greedy and wanting to be recognised for a good ol’ honest day’s work at the fair market rate.

Delving deeper, a sudden desire for greater financial compensation may be the result of:

Recruiters: Uneducated headhunters inflating salaries to make an opportunity seem attractive and ill-advising your staff on how much they should be earning.

Sector specific: It is no secret that working for a global bank pays more than a startup or a not-for-profit.

Trident Advice:

  • It is in an organisation’s interest to keep up to date with market compensation levels, and engaging in a continuous dialogue with recruitment partners is the easiest way to achieve this.
  • Whilst SMEs cannot necessarily compete with the salaries of big banks, demonstrating to employees the value of their work and their contribution to an organisation can be just as rewarding as financial compensation. Providing an employee with more responsibility and flexibility is not to be underestimated as a key factor in retaining employees.
  • If an organisation cannot match a competing financial offer, there are alternative ways to add value to an employee’s role. Investing in technical training, supporting accreditation, implementing bonus schemes, and offering flexible working can bring just as much value.


Burnout

This is an ever-growing issue within any high-performing industry, and cyber security is no different. At CISO level burnout is a very serious issue, with the average tenure just 26 months.
