A third of cybersecurity professionals are kept awake by stress
A new survey of over 300 UK security professionals shows 32 percent of respondents say they are kept awake by job stress, 25 percent by lack of opportunity, but only 22 percent by their organization suffering a cyberattack.
The study from The Chartered Institute of Information Security (CIISec) says organizations have been slow to adopt industry standards. Almost half (49 percent) don't follow the UK Government's Cyber Essentials practices, which provide basic best practice; and just 20 percent have formally adopted the NCSC's 'Ten steps to cyber security' guidance.
"Failure to adopt industry standards puts security teams on the back foot when it comes to protecting organizations against cyber-attacks, and only adds to their day-to-day stress," says Amanda Finch, CEO of CIISec. "Without investing time and effort into making cyber security professionals' lives easier, organizations are setting themselves up for failure. People need to be supported in their roles -- with the right processes in place, the skills to do their jobs effectively, and clear paths to progress. Without this, the industry will soon see burnt-out talent who can’t defend against evolving threats."
Among other findings of the report, 70 percent of respondents say 'people' are the biggest challenge they face in security, compared to technology (17 percent) and process (13 percent). The cybersecurity market is still seen as strong with 75 percent seeing the market as 'growing', and an even more positive 15 percent saying it's 'booming'.
The pandemic seems to have boosted job prospects for many too, 33 percent of respondents say their job prospects have improved because of the pandemic, and only 4.3 percent say their prospects have worsened.
Despite this though respondents have encountered barriers to progression in their careers. These include including a lack of confidence in their own ability (identified by 38 percent), lack of support or mentoring from organizations (38 percent), an assumption they lack skills for roles (36 percent), a feeling of being unwelcome/unaccepted (28 percent), and a lack of training opportunities (28 percent). Diversity remains an issue too, 83 percent of respondents were compared to 12 percent female -- while a quarter (26 percent) of cyber security professionals could not say that their organization offers equal opportunities.
You can get the full report from the CIISec site.