According to research by the Chartered Institute of Information Security (CIISec), cybersecurity professionals report that the industry is “booming”, but 22% of staff report working unsafe hours. This research, revealed in the Security Profession Survey 2022-2023, gives an insight into the state of the industry at present.
In times of economic turmoil, it’s natural to worry. Recent statistics have shown that around 1 in 10 members of the general public are considering turning to ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This indicates that many may resort to cybercrime if things get too bad financially, which is bad news for already overstretched cyber professionals. The CIISec report backs this up. According to the report, cybersecurity professionals are especially concerned about an increased risk from fraud (identified by 78%) and insider threats (58%).
But who will suffer most in the case of increased threats? The report suggests that smaller businesses will be impacted most, given that those with fewer funds may have fewer resources to protect against threats and are, ultimately, less able to withstand and recover from an attack.
Worry seems to go hand-in-hand with the role of a security professional, and extra worry around economic situations doesn’t help. Fortunately, the CIISec survey found that almost 80% of professionals say that they have ‘good’ or ‘excellent’ career prospects, and over 84% say the industry is ‘growing’ or ‘booming’. The report claims that professionals believe the security function is largely “recession-proof”.
Despite optimism around economic uncertainty, the report continues to highlight that the industry is still plagued by issues including stress and overwork. 22% of respondents work more than the 48 hours per week mandated by the UK Government, and 8% work more than 55 hours which, according to the World Health Organisation, marks the boundary between safe and unsafe working hours.
Additionally, recent research by Centripetal found that 90% of cybersecurity professionals work while on holiday. Only 9% of professionals said that they never checked their communications (Slack, email, other work comms) whilst on leave.
We often accept cybersecurity to be a round-the-clock exercise that professionals feel great responsibility for. The Centripetal survey found that almost a third (32%) of the cybersecurity professionals surveyed said their personal lives are interrupted by work every night. This number rises to 70% when respondents were asked if they are impacted at least once a week. Evidently, professionals can’t switch off. With questions of personal responsibility rising again (see the SolarWinds CISO SEC case), it’s no wonder that professionals continue to be burnt out.
Earlier this year, Cato Networks released an eBook on how CIOs can tackle IT burnout head-on. Demetris Booth, Product Marketing Director at Cato Networks in APAC, in a blog on the topic, suggested that the “cycle of mundane activities” can leave professionals feeling “unchallenged.”
“Instead of having IT teams fill the time with endless maintenance and monitoring, CIOs can focus their IT teams on work that achieves larger business objectives. SASE automates repetitive tasks, which frees up IT to focus on strategic business objectives. In addition, the repetitive tasks become less prone to manual errors.”
Booth also suggests that worry, for the C-suite, can often come from talent retention concerns. He says:
“Providing training and professional development helps IT professionals succeed, which in turn, may motivate them to remain in their roles longer, according to a recent LinkedIn survey. These benefits are felt everywhere and by everyone from the IT professional who receives more at-work satisfaction, to CIOs who don’t have to backfill the skills gaps externally. This enables the organisation to achieve ambitious plans for growth and business continuity through technology.”
This is something that is echoed by the CIISec report, which suggests that the industry is suffering from a lack of skills, rather than people.
Additionally, celebrating professionals may be an easy way for bosses to keep staff happy. Cybersecurity, after all, is often deemed a thankless task. Booth advises: “If your IT team is receiving negative feedback from users, they might be feeling stressed out. Poor network performance, security false positives and constant user complaints can leave them feeling dread and anxiety about that next ‘emergency’ phone call.” He adds that tools can be used to reduce this burden.
Finally, ‘people’ are the industry’s biggest weapon and challenge. Cybersecurity professionals are doing great things, but there’s a concern around accidental insider threats and mistakes being made as a result of burnout. In the CIISec report, 71% of respondents say “people” are the biggest challenge they face in security, as the industry continues to both battle a skills shortage and educate their colleagues. This is compared to process (21%) – where organisations are struggling to implement best practices that will reduce risk. Only 8% of cybersecurity professionals believe technology is a challenge.