The COVID-19 pandemic has left a majority of cyber security people over-worked and burnt out, according to the CIISec (Chartered Institute of Information Security) 2020/21 State of the Profession report. In the survey of 557 security people, 51 percent said the stress of the job and work challenges keep them up at night, while 80 per cent said staff across organisations have been more anxious or stressed during the pandemic. Long work hours are also in evidence, with almost half (47 percent) working 41-plus hours a week, and some working up to 90.
The report found:
53 percent say that budgets are rising but are still behind/slower than the level of threat.
69 percent believe that risks to data have increased from staff working at home.
65 percent agree that security reviews, audits and overseeing processes have been harder.
66 percent also agree that cancellation of educational events, such as training sessions, has contributed to the skills gap.
Amanda Finch, CEO of CIISec, said: “Lockdown has had a considerable impact on security professionals. The move to remote working has not only made processes harder to manage and data harder to secure, but has been accompanied by a huge rise in threats and attacks. Adding to this, the survey shows a lack of career opportunity was one of the top sources of stress. It’s clear the industry needs to do more to highlight the opportunities that are available, and what skillsets and knowledge security professionals need to move to the next level on their chosen career path. Without this, the industry will struggle to recruit and retain talent, only widening the skills gap.”
The pandemic did have some impact for the better on cyber security, such as through more awareness of cyber, and increased spending, respondents identified. The survey found that over 2020:
59 percent think the industry has got better at defending systems from attacks and protecting data.
62 percent believe that the industry is getting better at dealing with security incidents, data losses, outages, and breaches when they do occur.
54 percent agreed that staff have a better work-life balance and more flexibility due to home-work.
Amanda Finch said: “It is promising that security teams can see improvement in their industry. However, it’s clear there is still a long way to go to reduce burnout and ensure cyber security professionals are supported in their careers. To make a change, the industry needs to provide ongoing training and follow consistent standards for identifying, measuring and improving cyber security skills. Doing this will ultimately help to ensure that they are equipped with the right skills to progress and keep pace with the evolving threat landscape.”
A majority also agrees that (61 percent) people are the biggest challenge the industry faces, compared with 67 percent last year; people are evidently still seen as a higher risk than processes or technology, the Institute points out. In terms of the most important skills for people joining the industry to have, ‘analytical thinking/problem-solving’ was ranked top.
Diversity issues are still around: men make up 81 percent of the survey respondents, compared to women at 17 percent; this is an improvement over 2020’s 90 percent men / 10 percent women.
CIISec Live, the Institute’s online conference is running on Wednesday September 15, and Thursday September 16. Phil Venables, Global CISO, Google Cloud; and the author and commentator Bruce Schneier. Visit https://ciisec.live/en/.
