Businesses hope to cut cyber turnover by encouraging volunteer work

employers that encourage volunteering by their cyber staff stand out in a tough hiring market. Photo: iStock
employers that encourage volunteering by their cyber staff stand out in a tough hiring market. Photo: iStock


  • Unpaid work at nonprofits speaks to a sense of mission core to cyber professionals, corporate managers say.

Companies are encouraging their cyber employees to volunteer at nonprofits, a nudge that managers say can help businesses retain in-demand technical experts despite high turnover in security roles.

The CyberPeace Institute, a Geneva-based group that helps nonprofits, humanitarian and healthcare organizations address cybersecurity, set up a program last year to enlist professionals from the corporate world to explain things like email phishing to nonprofits that might lack the budget to hire their own experts.

Janet Roberts, global head of security awareness and training at Zurich Insurance Group AG, is one of around 10 employees at the insurer who started volunteering for the CyberPeace Institute this year. For one nonprofit, Ms. Roberts is working with Zurich threat-intelligence experts to put together a training session for technology employees who have privileged access to systems.

Volunteering not only feels rewarding, it fits the ethos of the typical cyber professional, she said.

“Most of the people I work with in cybersecurity very much like stopping criminals, protecting employees," she added.

And employers that encourage volunteering by their cyber staff stand out in a tough hiring market, said Stéphane Duguin, chief executive of the CyberPeace Institute. The unpaid outside work “positions them differently when it comes to attracting cyber talent and retaining talent," he said.

The work is done entirely online and is designed to proffer advice on technical, legal or marketing issues related to cybersecurity and responding to a breach, said Fabien Leimgruber, a senior program manager at CyberPeace. Nonprofits that receive the volunteer advice might have as few as five employees, or as many as 20,000, he said. And small outfits often have no IT or cyber staff at all, he added.

After a 2020 cyberattack on Roots of Peace, a California-based nonprofit that turns fields once studded with land mines into farmland, Chief Executive Heidi Kühn contacted the CyberPeace Institute for help. Hackers had used fraudulent emails to steal $1.3 million from her organization.

“I don’t have the luxury of hiring more people," she said, adding that hackers stole from the organization’s limited operational funds.

The CyberPeace Institute investigated the hack and advised Ms. Kühn on crisis management and tech policies. The group was duped into sending money to an account in a Chinese bank, and in September, she received $175,000 from the bank after filing a claim. Still, funds are short, forcing her to shut the organization’s Washington office and cancel plans to hire new staff.

Mastercard Inc. plans to lend employees to CyberPeace this month, said Tim Murphy, chief administrative officer at the financial services company. To start, around 10 of its cyber staff will be able to sign up, he said.

Corporate security experts often come from government, law enforcement and military backgrounds and have a sense of mission that lends itself to volunteer work, Mr. Murphy said. Cybersecurity as a field is “designed to keep the public safe, so it’s a particularly strong area where people want to find a way to give back," he said.

Plus, Mastercard’s volunteer programs in cyber, data analytics and other tech fields could help reduce turnover, he said, because they help keep people involved, he said, adding, “How do you engage and retain hot skills that are in high demand?"

Younger cyber workers in particular tend to value volunteerism as well as taking care of their mental health, which can come through flexibility and taking breaks “from their daily grind," said Clar Rosso, chief executive of (ISC), a professional cyber group that provides certifications.

“The key to staff retention is truly to find what motivates your team members and allow them to do a lot of that," she said.

There are around 3.4 million unfilled cybersecurity jobs worldwide, according to (ISC), with the talent gap increasing 26.2% over the last year.

At Zurich Insurance, the pandemic drew employees to volunteer work, said Gregory Renand, head of its Z Zurich Foundation, which organizes charity work for the insurer’s employees. The social isolation that took hold during the spread of Covid-19 caused employees to question the purpose of what they do and search for meaning, he added.

The foundation started a pilot program with CyberPeace this year, he said. When Z Zurich Foundation told the nonprofits it regularly works with that cyber help was available, three or four signed up, Mr. Renand said. The foundation works with around 60 nonprofits that focus on climate change and social equity, among other causes.

Cyber volunteerism can also bolster the team as a whole, said Ms. Rosso. Stepping away from day-to-day work and looking at a different organization as an outsider can give employees a fresh perspective on their own job, she said.

“There’s a case that allowing employees to go and volunteer in other organizations is actually going to strengthen the security posture of your own organization," she said.

This story has been published from a wire agency feed without modifications to the text

Catch all the Corporate news and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.


Switch to the Mint app for fast and personalized news - Get App

Chat with MintGenie