Workforce Risk

Combating the Great Resignation With Great Retention

The Great Resignation pushed cybersecurity turnover to a historical peak — but the real exposure was never a hiring problem. It was a visibility problem. When leaders cannot see how capability, workload, and roles are distributed across their workforce ecosystem, every departure becomes a surprise. This piece reframes retention as a Workforce Intelligence problem leaders can actually measure and manage.

Two colleagues high-fiving across a desk in an office

Deidre Diamond · November 15, 2021 · 7 min read

The Great Resignation Was a Visibility Problem

For two decades, the US resignation rate was a quiet statistic. It held below 2.4% from 2000 through 2020, and in April 2020, as the pandemic shut workplaces down, it fell to 1.6%. Then it reversed. By August 2021, resignations reached 2.9% — a historical peak — and the technology sector, where cybersecurity lives, saw a 4.5% increase of its own.

The instinct, then and now, is to read those numbers as a simple supply problem — too few people — and respond by opening more requisitions. That instinct misses what actually happened inside security teams. The Great Resignation did not expose a shortage of people. It exposed how little most leaders could see about the people they already had — where capability was concentrated, who was carrying unbacked responsibilities, and which roles were so vaguely defined that the person filling them was already halfway out the door.

Retention, in other words, was never only an HR concern. It was a question of operational visibility into the workforce ecosystem leaders were managing without instrumentation.

The core insight: A resignation rate is a lagging indicator. By the time it moves, the capability has already walked out the door. You cannot protect — or rebalance, or develop — what you cannot see. Operational visibility into capability coverage, workload, and role clarity is what turns retention from a reactive scramble into a managed risk.

Why Security Professionals Were Leaving

The pandemic shifted what people were willing to tolerate, and the data on why they left is consistent. ISACA's State of Cybersecurity research pointed to the same recurring drivers: limited advancement opportunity, inadequate compensation, and workplace stress, compounded by inflexible remote-work policies, unhealthy cultures, and the absence of leadership support.

Those pressures land especially hard in security, where the work itself is relentless. 91% of CISOs report moderate to high stress levels, and 57% of cybersecurity employees experience burnout. These are not soft, ambient complaints — they are the leading edge of attrition, and they tend to concentrate exactly where leaders have the least visibility.

Burnout is rarely random. It is the predictable result of invisible workload imbalance, where too much capability rests on too few people for too long. Without a way to see who is carrying what, leaders discover the imbalance only when the person carrying it resigns.

Why this matters for risk: Every cyber departure removes institutional knowledge and undocumented ownership of critical controls — capabilities no requisition can instantly reconstitute. At a 2.9% peak resignation rate, that exposure compounds across the team. The question is whether leaders can measure it with the same rigor they apply to any other operational risk.

Vague Roles Are a Retention Failure

There is a quieter driver of turnover that the headline numbers never capture: the gap between what a job was described as and what it actually turned out to be. In cybersecurity, role definitions are notoriously imprecise. A professional accepts a position based on one set of expectations, then spends six months discovering the real work is something else entirely — and disengages.

This is where role clarity becomes a retention lever, not a paperwork exercise. CyberSN built its Job Taxonomy of 45 functional cybersecurity roles precisely to close that gap — to give the work a shared, precise vocabulary so that expectations, responsibilities, and growth paths are visible from the start. When a role is clearly defined, leaders can see what capability it actually covers, where it overlaps with others, and where a single person is quietly holding territory no one else can.

Clarity is the foundation of coverage. You cannot reason about your capability coverage if you cannot name, with precision, the capabilities each role is supposed to provide.

Great Retention Starts With What Already Works

The good news from the Great Resignation is that great retention is not mysterious. Professionals stay where a consistent set of fundamentals holds true:

  • They feel valued — their work is resourced and recognized as a priority.
  • Their role is clearly defined — expectations match reality.
  • Communication is constructive — feedback flows in both directions.
  • There is a path for career progression — a visible future inside the organization.
  • Development is continuous — skills grow rather than stagnate.
  • Compensation is equitable — pay reflects the work and the market.
  • The team dynamic is respectful — belonging is built deliberately.

These are timeless. What changed is that leaders can no longer afford to manage them by intuition. Knowing why people leave is necessary but not sufficient; the leaders who actually move their retention numbers are the ones who can see, at any moment, how work and capability are distributed across the team — and where that distribution is quietly creating risk.

When you can see capability coverage, you can build redundancy before a single point of failure becomes a flight risk. When you can see workload distribution, you can rebalance before burnout sets in, rather than after a resignation forces the issue. When you can see where capabilities are thin or roles are unclear, you can offer the development and clarity that keep ambitious professionals engaged instead of watching them grow somewhere else.

How CyberSN Supports Cyber Workforce Risk Management

This is the gap CyberSN exists to close. We give security leaders Workforce Intelligence — operational visibility into capability coverage, workload, and role clarity across the workforce ecosystem — so that retention becomes a measurable, manageable dimension of the broader risk picture rather than a blind spot that only resolves itself through a resignation letter.

The Great Resignation made the cost of that blind spot impossible to ignore. The leaders who came through it strongest were not the ones who reacted fastest to departures, but the ones who could see workforce risk concentrating in time to act on it. That advantage did not expire when resignation rates settled. The organizations that treat their workforce as a system they can see and understand will keep their people longer, mature faster, and execute their strategy more reliably.

That is the promise of Workforce Intelligence — and it begins the moment you can finally see the workforce you have been managing all along.

For more on the forces behind attrition, explore CyberSN's work on the importance of cybersecurity talent retention and talent exfiltration: an insider's guide.

Your Cyber & IT Workforce Risk Partner

Make Retention a Risk You Can See

CyberSN gives security leaders Workforce Intelligence — operational visibility into capability coverage, workload, and role clarity across the workforce ecosystem — so retention becomes a measured, managed dimension of risk instead of a recurring surprise.

Explore Workforce Intelligence
© 2026 CyberSN · All rights reserved
Privacy PolicyTerms of Service
workforce intelligence · est. 2014