Overwork and burnout are very real issues for IT security in 2020, according to the Chartered Institute of Information Security (CIISec), In its Security Profession 2019/2020 report, a survey of 445 in IT security, more than half, 54 percent of respondents had either left a job due to overwork or burnout, or have worked with someone who has.
Most, 82 percent of respondents said security budgets were not keeping pace with rising threats – whether budgets were rising too slowly, staying the same, or falling. At the same time, holidays or busy periods when security teams are either smaller or stretched thinly can greatly add to stress, and the risk to the employer. A majority, 64 percent of respondents said their businesses simply hope to cope with fewer resources when necessary, whilst 51 percent would let routine or non-critical tasks slip.
Sadly, security teams are only likely to come under more pressure in 2020, as the COVID-19 outbreak and its aftermath have profound effects on businesses’ budgets and ability to operate, said Amanda Finch, CEO of CIISec. She said: “Unless the industry can learn how to do more with less while also addressing issues of diversity and burnout, risks will rise and organisations will suffer. To avoid this, we need the right people with the right skills, giving them the help they need to reach their full potential. This doesn’t only apply to technical skills, but to the people skills that will be essential to giving organisations a security-focused culture that can cope with the growing pressure ahead.”
As for attracting and retaining security people, the top three reasons to take a new security job were: remuneration; the opportunity and scope for progression; and the variety of work. Top reasons for leaving a security job were a lack of opportunity or progression; unpleasant or bad management; and poor remuneration.
As for diversity. Of all the respondents, only 10 percent were women. While this has doubled since 2015, it still suggests there is a long way to go, the Institute suggests. CIISec dug further into the data for men and women to see whether there were any notable differences. Although men and women were equally represented across age and level of education received, women were paid significantly less on average or were in lower paying roles. For instance:
– 37 percent of women earned less than £50,000 per year, compared to 21 percent of men
– 15 percent of women earned more than £75,000 per year, compared to 39 percent of men
– Only five percent of women earned more than £100,000, against 18 percent of men
– No women earned more than £125,000, but 12 percent of men did.
Amanda Finch added: “Addressing a lack of diversity in the industry isn’t only a matter of fairness. It also unlocks the skills and talents of a whole range of people who could collectively rejuvenate the industry and help reduce the huge pressure many security teams are under. We need to do all we can both to attract new blood to a career in security, and to ensure those already in place want to stay there. Understanding why people join – and why they leave – is the beginning of building a resilient workforce that can face the challenges ahead.”
The report also found that 67 percent of respondents said that the biggest challenge for security in an organisation was people, compared to processes at 14 percent and technology at 11 percent. Asked what the most significant security technologies for 2020 would be, by far the most believe that AI will have the greatest impact – 31 percent singled out technologies such as AI and Machine Learning. The most-named example of the worst data breaches and security issues of the past year was the British Airways security breach, which also ranked highly in 2018 – showing that serious data breaches can have lasting business and reputational impact, the CIISec suggests.
