More than half of cybersecurity professionals suffer overwork or burnout
New research from the UK's Chartered Institute of Information Security (CIISec) shows that overwork and burnout remain major problems for the IT security sector.
The study of almost 450 cybersecurity professionals shows that 54 percent of respondents have either left a job due to overwork or burnout, or have worked with someone who has.
Lack of resources seems to be a factor in this as 82 percent of respondents say security budgets are not keeping pace with rising threat levels -- whether rising too slowly, staying the same, or falling. At the same time, holidays or busy periods when security teams are either smaller or stretched more thinly can greatly increase stress, and the risk to the organization. 64 percent of respondents say their businesses simply hope to cope with fewer resources when necessary, whilst 51 percent would let routine or non-critical tasks slip.
"Sadly, security teams are only likely to come under more pressure in 2020, as the COVID-19 outbreak and its aftermath have profound effects on businesses’ budgets and ability to operate," says Amanda Finch, CEO of CIISec. "Unless the industry can learn how to do more with less while also addressing issues of diversity and burnout, risks will rise and organisations will suffer. To avoid this, we need the right people with the right skills, giving them the help they need to reach their full potential. This doesn't only apply to technical skills, but to the people skills that will be essential to giving organisations a security-focused culture that can cope with the growing pressure ahead."
The top reasons given for staff leaving security jobs are a lack of opportunity or progression, unpleasant or bad management, and poor remuneration.
CIISec also looked at the differences between men and women in the sector and finds that although men and women are equally represented across age and level of education received, women are paid significantly less on average or are in lower paying roles.
"Addressing a lack of diversity in the industry isn’t only a matter of fairness," adds Finch. "It also unlocks the skills and talents of a whole range of people who could collectively rejuvenate the industry and help reduce the huge pressure many security teams are under. We need to do all we can both to attract new blood to a career in security, and to ensure those already in place want to stay there. Understanding why people join -- and why they leave -- is the beginning of building a resilient workforce that can face the challenges ahead."
The full report is available from the CIISec site.