Do University Leaders Grasp the Depth of IT’s Staffing Crisis?

The shortage of IT workers, especially those focused on cybersecurity, is nothing new. For years, hundreds of thousands of IT jobs in this country have remained open. The latest research from Cyber Seek shows 469,930 open cybersecurity jobs in the United States; if filled, those positions would increase the overall workforce by more than 27%.

So, if IT departments have been short-staffed for years and officials believe that lack of staff is hampering an institution’s ability to defend itself, why are those staffing needs not better understood?

IT Workers are Stressed, and Not Just About Security Threats

There is, of course, no easy answer to that question, but part of the reason staffing challenges aren’t understood is because many of the difficulties IT employees face aren’t readily apparent and might not be shared by the employees themselves.

“This is a stressful industry, there’s just no two ways about that,” says Buck Bell, CDW’s Global Security Strategy Office lead, in the CDW report.

The CDW survey drilled down on that stress and found that one of the most stressful activities for IT staff was reporting on their work to institutional leadership. More than 40% called that very or somewhat stressful, around the same percentage who felt a lack of tools was a stressor (41%).

A lack of staff, unsurprisingly, also rated as highly stressful. Sixty-two percent rated low staffing in the very or somewhat stressful range, the most stress-inducing of eight different areas that were probed and even more stressful than responding to actual security threats (56%).

Employees’ overall stress levels were also troubling, with only 17% saying they found their jobs either somewhat or very stress-free, compared with 57% who said their jobs were the opposite (very or somewhat stressful).

LEARN MORE: Software support can ease the heavy burden on higher ed IT departments.

Workers Want Better Salaries, More Training and More Co-Workers

The data on worker stress is troubling but, again, not surprising.

IT employees in higher education are being asked to do more with less and have been for years. The staffing shortage has arrived at the same time as universities are facing budget crunches tied to the loss of federal funding for COVID-19 relief and declining enrollments. (Thirty-four percent of respondents to the CDW survey said “budgetary resources” were missing from their cybersecurity approach, and just 10% said their departments were “fully staffed”).

Combine that with inflation driving up the costs of operating a college or university and the reality that IT workers can almost certainly earn a higher salary in other, for-profit industries. And layoffs, or just the threat of layoffs amid an air of uncertainty about higher education’s overall future, are also a contributing factor to employee dissatisfaction.

An EDUCAUSE survey released in March showed that 10% of respondents were concerned about being laid off, and 31% were concerned about layoffs across their institutions. That same survey also showed that 70% of higher education employees feel their current workload is somewhat or very excessive, and nearly as many (68%) say their workload has increased in the past 12 months. At the same time, just 52% said they were satisfied with their current salary, and nearly a quarter (24%) had applied for jobs outside higher education in the past year.

Bell advocates asking two follow-up questions that could help lead institutions to potential solutions.

“Have you outsourced this? And then, No. 2, are you leveraging staff that may have been on board for a while for certain tasks in which they might benefit from additional training?”

RELATED: A vCISO can play an important role in higher education if you start right.

Training is one area where the desires of IT employees and the university can align. The benefits of having a more skilled staff are obvious, and the encouraging news is that employees are eager for that training.

In the CDW report, 66% of respondents said providing certification and educational opportunities for staff was somewhat or very effective in retaining IT security staff.

“Everyone wants to feel, as a human, like they’re contributors. They want to feel like their work matters,” Bell says. “Putting together some kind of training strategy as a way to help people secure and develop their own careers, I think that’s a huge value-add for institutions looking to retain staff.”

CDW and its vendor partners offer ample opportunities for training staff, investments that have a variety of benefits for institutions. It’s easy to see how more skilled employees can get more done and better protect colleges and universities, but it’s just as important that employees feel valued and like they can grow with institutions. And as anyone who’s onboarded a new employee knows, recovering the institutional knowledge lost when there’s significant turnover is impossible.

“You don’t have a lot of staff, so the staff you have, you want to retain,” says Stephanie Hagopian, CDW’s vice president of security. “And you retain your staff by ensuring that you’re raising their value as a staff member, that they have a broad set of skills and they’re working on high-value tasks.”

As for outsourcing, the survey found that almost 38% of respondents are not outsourcing any part of their cybersecurity operations, a missed opportunity to address the high stress levels and sense of being overworked that is pervasive in the industry, Bell says.

“You can find partners to outsource some of these elements. Nobody builds their own HVAC system and then sends somebody up to the top to do recharges of the coolant,” he says. “Take a look at what you can outsource within the security model to keep your people fresh and doing relevant work.”