Cyber security professionals are still positive about the industry and their opportunities despite the economic climate, according to The Chartered Institute of Information Security's (CIISec) 2022/2023 State of the Profession report – the eighth annual survey of the cyber security industry. In the survey of 302 security professionals, almost 80% say they have ‘good’ or ‘excellent’ career prospects, and more than 84% say the industry is ‘growing’ or ‘booming’.
Despite being protected from economic challenges, the report highlights that the industry is still plagued by issues including stress and overwork. 22% of respondents work more than the 48 hours per week mandated by the UK Government, and 8% work more than 55 hours which, according to the World Health Organisation, marks the boundary between safe and unsafe working hours.
The reports also found:
• Worries over workload loom over cyber security professionals: When asked what keeps them awake at night, the two main sources of stress for cyber professionals are day-to-day stress/workload (identified by 50%) and suffering a cyber-attack (32%).
• Economic climate could introduce risks: Security professionals are concerned that the economic climate will lead to or has already created increased cyber risk – especially from fraud (identified by 78%) and insider threats (identified by 58%).
• Smaller businesses will be most impacted: Respondents overwhelmingly agree that the impact of the economic climate will be mostly felt by smaller businesses and less wealthy individuals, who have less resources to protect against threats and are less able to withstand and recover from a successful attack.
“It’s good to see cyber security professionals are positive about their career prospects,” commented Amanda Finch, CEO of CIISec. “The cyber security industry is thriving. It has many opportunities for people from almost any background, and the need for cyber security is greater than ever as threats continue to rise – making a critical function essentially recession-proof. However, the industry cannot rest on its laurels: it must do more to ensure talent is properly supported and not burnt out. Key to this will be equipping them with the right skills, and attracting fresh blood into the industry to ensure teams aren’t put under undue pressure.”
Other key findings from the report include:
• Professionals are leaving jobs due to poor pay and poor work environments: Respondents listed money/remuneration as the number one factor that cause people to leave security jobs, followed opportunity/scope for progression. Poor working environments are also a major factor: bad or ineffectual management; boring work or a lack of variety; and atmosphere, or issues with teams and colleagues, all leaped into the top reasons for respondents to leave their jobs.
• “People” are still the biggest cybersecurity challenge: 71% of respondents say “people” are the biggest challenge they face in security, as the industry continues to both battle a skills shortage and educate their colleagues. This is compared to process (21%) – where organisations are struggling to implement best practices that will reduce risk. Only 8% of cyber security professionals believe technology is a challenge.
• The most important skills to deal with cyber threats: Respondents revealed that analytical and problem-solving skills, followed by communication, then technical skills are the key skills needed to tackle cyber threats – showing how the profession is more open than ever to a wide range of backgrounds.
• The industry is facing a shortage of skills, rather than people: The majority of respondents believed that the industry is facing a shortage of skills, instead of people; and that this needs to be remedied with more skilled personnel than simply fresh recruits.
“Traditionally, the cyber security industry has been seen as super technical career. However, as we can see it is much more than that,” continued Finch. “It demands social, managerial, investigative, and even financial capabilities. The industry must start doing better at advertising the opportunities to use different skills to broaden cybersecurity’s appeal. At the same time, the industry needs to prioritise the people within it. This means creating an environment that they want to work in and can thrive. By doing this, the industry can continue to boom, and cyber security professionals can live long and fulfilled careers.”