While 65 percent of cyber security professionals say the COVID-19 pandemic has had a positive impact on the overall security market, the majority are still over-worked and burnt out, according to CIISec’s 2020/21 State of the Profession report. In the survey of 557 security professionals, 51 percent said the stress of the job and work challenges keep them up at night, while 80 percent said staff across organisations have been more anxious or stressed during the pandemic. Long work hours are also in evidence, with almost half (47 percent) working 41+ hours a week, and some working up to 90.
The report highlights the pressures the pandemic has put on the security industry, including:
o53 percent say that budgets are rising but are still behind/slower than the level of threat.
o69 percent believe that risks to data have increased from staff working at home.
o65 percent agree that security reviews, audits and overseeing processes have been harder.
o66 percent also agree that cancellation of educational events, such as training sessions, has contributed to the skills gap.
Amanda Finch, CEO of CIISec, commented: “Lockdown has had a considerable impact on security professionals. The move to remote working has not only made processes harder to manage and data harder to secure, but has been accompanied by a huge rise in threats and attacks. Adding to this, the survey shows a lack of career opportunity was one of the top sources of stress. It’s clear the industry needs to do more to highlight the opportunities that are available, and what skillsets and knowledge security professionals need to move to the next level on their chosen career path. Without this, the industry will struggle to recruit and retain talent, only widening the skills gap.”
As well as the pandemic’s positive impact on the security market, e.g. through increased awareness of security and increased spending, respondents also identified the following positive impacts over 2020:
o59 percent think the industry has got better at defending systems from attacks and protecting data.
o62 percent believe that the industry is getting better at dealing with security incidents, data losses, outages, and breaches when they do occur.
o54 percent agreed that staff have a better work-life balance and more flexibility due to home-work.
“It is promising that security teams can see improvement in their industry. However, it’s clear there is still a long way to go to reduce burnout and ensure cyber security professionals are supported in their careers. To make a change, the industry needs to provide ongoing training and follow consistent standards for identifying, measuring and improving cyber security skills. Doing this will ultimately help to ensure that they are equipped with the right skills to progress and keep pace with the evolving threat landscape.”
This is the 6th annual State of the Profession report that delves into the challenges facing the cyber security industry. Other key statistics include:
o61 percent believe that people are the biggest challenge the industry faces, compared with 67 percent last year – this is an improvement, but people are evidently still seen as a higher risk than processes or technology.
oIn terms of the most important skillsets for people joining the industry to have, ‘analytical thinking/problem-solving’ was ranked top.
o‘Communication skills’ were seen as much less important for those joining the industry, potentially demonstrating a trap the industry as a whole is falling into – ‘soft’ communication skills are vital to help the wider business, and board-level executives, understand the importance of security.
oDiversity issues are still a major barrier: men make up 81 percent of the survey respondents, compared to women at 17 percent. While this is an improvement over 2020’s 90 percent men / 10 percent women, there is still much work to be done to close the gap.