freshidea - Fotolia

Covid positive for security market, but still a source of stress

CIISec’s latest “State of the profession report” highlights both positives and challenges for cyber pros arising from the past two years

The majority of cyber security professionals believe that the Covid-19 pandemic has had a net positive impact on the security market, but this has come at great cost in terms of sleepless nights, stress, anxiety and burnout, according to data from CIISec’s latest State of the profession report.

A total of 65% of the cyber pros questioned for the study said they thought the pandemic had positive impacts, such as helping to elevate awareness of security issues and the consequent spending on addressing those issues.

Moreover, 59% thought the industry had improved at defending systems from attacks, 62% believed the industry was better at dealing with cyber incidents in progress, and 54% said that the shift to remote work had personally improved their work-life balance.

However, the upbeat messages were tempered by 51% who said the stress of their job was causing them sleepless nights, 80% who thought staff across organisations were becoming more anxious or stressed, and 47% who had seen their working hours spike.

The study also found that the majority agree that security budgets are failing to keep pace with threat levels; that risk has increased thanks to remote working; that security reviews, audits and oversight processes are now more difficult; and that the cancellation of events, particularly around security education and training, is causing the skills gap to widen.

CIISec CEO Amanda Finch said it was promising that security teams saw some improvement in their industry, but it was clear much work remains to reduce burnout and to ensure cyber pros are adequately supported.

“Lockdown has had a considerable impact on security professionals. The move to remote working has not only made processes harder to manage and data harder to secure, but has been accompanied by a huge rise in threats and attacks,” said Finch.

“Adding to this, the survey shows a lack of career opportunity was one of the top sources of stress. It’s clear the industry needs to do more to highlight the opportunities that are available, and what skillsets and knowledge security professionals need to move to the next level on their chosen career path. Without this, the industry will struggle to recruit and retain talent, only widening the skills gap.

“To make a change, the industry needs to provide ongoing training and follow consistent standards for identifying, measuring and improving cyber security skills. Doing this will ultimately help to ensure that they are equipped with the right skills to progress and keep pace with the evolving threat landscape,” she added.

In terms of in-demand skills, cyber pros ranked analytical thinking and problem solving as the most important skill for someone joining the security profession to have. Communication skills were ranked significantly lower, which Finch said may be storing up problems for the future, as soft skills are vital to help boardrooms and wider business functions understand why security is a necessity.

Some of the other notable findings included in what is now the sixth annual edition of CIISec’s report include a slight decline in the number of security pros – 67% in 2020 to 61% this year – who say that people, as opposed to processes or technology, are the biggest source of cyber risk.

There was also disappointing news for diversity advocates, with men still making up 80% of the survey sample, and while this was down 10% on 2020, it suggests much work remains to address the cyber gender gap.

Read more about security careers

Read more on Security policy and user awareness