Potential boost for jobs and investment as 65 percent believe COVID-19 has had a positive impact on the security market
While 65 percent of cyber security professionals say the COVID-19 pandemic has had a positive impact on the overall security market, the majority are still over-worked and burnt out, according to CIISec’s 2020/21 State of the Profession report. In the survey of 557 security professionals, 51 percent said the stress of the job and work challenges keep them up at night, while 80 percent said staff across organisations have been more anxious or stressed during the pandemic. Long work hours are also in evidence, with almost half (47 percent) working 41+ hours a week, and some working up to 90.
The report highlights the pressures the pandemic has put on the security industry, including:
- 53 percent say that budgets are rising but are still behind/slower than the level of threat.
- 69 percent believe that risks to data have increased from staff working at home.
- 65 percent agree that security reviews, audits and overseeing processes have been harder.
- 66 percent also agree that cancellation of educational events, such as training sessions, has contributed to the skills gap.
Amanda Finch, CEO of CIISec, commented: “Lockdown has had a considerable impact on security professionals. The move to remote working has not only made processes harder to manage and data harder to secure, but has been accompanied by a huge rise in threats and attacks. Adding to this, the survey shows a lack of career opportunity was one of the top sources of stress. It’s clear the industry needs to do more to highlight the opportunities that are available, and what skillsets and knowledge security professionals need to move to the next level on their chosen career path. Without this, the industry will struggle to recruit and retain talent, only widening the skills gap.”
As well as the pandemic’s positive impact on the security market, e.g. through increased awareness of security and increased spending, respondents also identified the following positive impacts over 2020:
- 59 percent think the industry has got better at defending systems from attacks and protecting data.
- 62 percent believe that the industry is getting better at dealing with security incidents, data losses, outages, and breaches when they do occur.
- 54 percent agreed that staff have a better work-life balance and more flexibility due to home-work.
“It is promising that security teams can see improvement in their industry. However, it’s clear there is still a long way to go to reduce burnout and ensure cyber security professionals are supported in their careers. To make a change, the industry needs to provide ongoing training and follow consistent standards for identifying, measuring and improving cyber security skills. Doing this will ultimately help to ensure that they are equipped with the right skills to progress and keep pace with the evolving threat landscape.”
This is the 6th annual State of the Profession report that delves into the challenges facing the cyber security industry. Other key statistics include:
- 61 percent believe that people are the biggest challenge the industry faces, compared with 67 percent last year – this is an improvement, but people are evidently still seen as a higher risk than processes or technology.
- In terms of the most important skillsets for people joining the industry to have, ‘analytical thinking/problem-solving’ was ranked top.
- ‘Communication skills’ were seen as much less important for those joining the industry, potentially demonstrating a trap the industry as a whole is falling into – ‘soft’ communication skills are vital to help the wider business, and board-level executives, understand the importance of security.
- Diversity issues are still a major barrier: men make up 81 percent of the survey respondents, compared to women at 17 percent. While this is an improvement over 2020’s 90 percent men / 10 percent women, there is still much work to be done to close the gap.
To read the full report from CIISec, click here.
About the Chartered Institute of Information Security:
The Chartered Institute of Information Security (CIISec), formerly the IISP, was established in 2006 to act as a focal point for the setting of standards in the information security profession and to promote the availability and growth of talent for government and businesses alike. Unlike many other certifications, the institute does not accredit on knowledge alone but requires professionals to provide evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards. The institute works with academia to help develop new courses and entry routes into the profession, as well as corporate and government organisations to promote the growth of talent in the workplace.