Cyber security people are still positive about the industry – and their opportunities in it .That’s according to the Chartered Institute of Information Security’s (CIISec) 2022/2023 State of the Profession report.
It’s their eighth annual survey of the cyber industry. In the survey of 302 security people, almost 80 per cent say they have ‘good’ or ‘excellent’ career prospects, and more than 84pc say the industry is ‘growing’ or ‘booming’. That said, the report highlights that the industry is still plagued by issues including stress and overwork. Some one in five, 22pc of respondents work more than the 48 hours per week mandated by the UK Government, and 8pc work more than 55 hours which as the Institute points out, according to the World Health Organisation, marks the boundary between safe and unsafe working hours. The reports also found:
When asked what keeps them awake at night, the two main sources of stress for cyber professionals are day-to-day stress/workload (identified by half) and suffering a cyber-attack (32pc, or about one in three). Many of those surveyed are concerned that the economic climate will lead to or has already created increased cyber risk – especially from fraud (identified by 78pc) and insider threats (identified by 58pc). Respondents overwhelmingly agree that the impact of the economic climate will be mostly felt by smaller businesses and less wealthy individuals, who have less resources to protect against threats and are less able to withstand and recover from a successful attack.
Amanda Finch, CEO of CIISec said: “It’s good to see cyber security professionals are positive about their career prospects. The cyber security industry is thriving. It has many opportunities for people from almost any background, and the need for cyber security is greater than ever as threats continue to rise – making a critical function essentially recession-proof. However, the industry cannot rest on its laurels: it must do more to ensure talent is properly supported and not burnt out. Key to this will be equipping them with the right skills, and attracting fresh blood into the industry to ensure teams aren’t put under undue pressure.”
Other findings from the report include:
Respondents listed money/pay as the number one factor that cause people to leave security jobs, followed by opportunity and scope for progression (or rather, lack of it). Poor working environments are also a major factor: bad or ineffectual management; boring work or a lack of variety; and atmosphere, or issues with teams and colleagues, all were among the top reasons for respondents to leave their jobs.
Most, 71pc of respondents say “people” are the biggest challenge they face in security, as the industry continues to both battle a skills shortage and educate their colleagues. This is compared to process (21pc) – where organisations are struggling to implement best practices that will reduce risk. Only 8pc of cyber security professionals believe technology is a challenge.
As for what are the most important skills to deal with cyber threats: those surveyed cited analytical and problem-solving skills, followed by communication, then technical skills. Talking of skills, the survey suggested that the sector is facing a shortage of skills, rather than people; and that this needs to be remedied with more skilled personnel than simply fresh recruits.
Amanda Finch added: “Traditionally, the cyber security industry has been seen as super technical career. However, as we can see it is much more than that. It demands social, managerial, investigative, and even financial capabilities. The industry must start doing better at advertising the opportunities to use different skills to broaden cybersecurity’s appeal. At the same time, the industry needs to prioritise the people within it. This means creating an environment that they want to work in and can thrive. By doing this, the industry can continue to boom, and cyber security professionals can live long and fulfilled careers.”
The Institute is running its annual conference, CIISec Live, in Manchester on November 22.