Security pros just want to be loved, report finds
Being valued by the business for their role in keeping the organisation safe and upholding ethical standards is a primary motivator for CISOs and other security professionals
CISOs and other security professionals in the UK are most motivated by the idea of being seen as the “business bodyguard” and the knowledge that they are playing a vital role in keeping their organisations safe from cyber attack and upholding business ethics, according to a report from access management specialist Thycotic.
The report found very few security workers struggled to find the motivation to get up and go to work, although they readily acknowledged the downsides of cyber security roles: 45% said stress and burnout from long hours and pressure was their biggest issue, while other problems included the growing number of compliance and regulatory demands and the need for out-of-hours availability.
“Today, CISOs have one of the most challenging and dynamic jobs, but our study clearly shows that IT professionals are content to live with this and that all they really desire is for the business to show they are valued,” said Joseph Carson, Thycotic’s chief scientist and advisory CISO.
“However, being constantly on duty, ensuring the ongoing protection of their company’s assets, educating the rest of the business and keeping their finger on the pulse when it comes to the latest compliance mandates and regulations does take its toll.
“Against this backdrop, it is not surprising that levels of burnout and stress are relatively high. This also has a knock-on effect on the cyber security skills shortage, as potential new talent is put off the industry, choosing instead to seek an equally exciting but less stressful career.”
The study – which covered several other countries as well as the UK – also revealed some insight into how CISOs and other security professionals measure success, and what they consider success to mean.
For UK CISOs, the most important measures of their success were being valued by the company, cited by 45%; meeting performance targets set by the board of directors, cited by 42%; and keeping everything running smoothly, cited by 36%.
Their US counterparts, meanwhile, tended to measure success by whether or not they were keeping pace with compliance demands and preventing their employers from becoming the next big cyber security headline, while German respondents were most concerned by whether or not things were running smoothly.
Carson went on to recommend that in order to relieve the pressure on existing cyber security professionals and encourage new talent to take up roles in the field, it was absolutely imperative that more – preferably all – employees within an organisation are encouraged to take the view that security is fundamental, and understand its true value.
“Promoting a culture in which employees are never afraid to report a potential cyber security issue is also crucial, as the earlier a problem is reported, the less the impact in terms of stress and cost to the business,” said Carson.
The study was conducted by independent market research firm Sapio Research, which quizzed 500 screened and verified IT security professionals in August 2019. The sample included over 100 respondents from UK organisations with more than 500 employees, in both the public and private sectors. The full report can be downloaded from Thycotic’s website.