Potential boost for jobs and investment, as 65% believe COVID-19 has had a positive impact on the security market
While 65% of cybersecurity professionals say the COVID-19 pandemic has had a positive impact on the overall security market, the majority are still overworked and exhausted, according to CIISec State of the Profession Report 2020/21. In a survey of 557 security professionals, 51% said work stress and work challenges keep them from sleeping at night, while 80% said staff in organizations were more anxious or stressed. during the pandemic. Long working hours are also evident, with almost half (47%) working more than 41 hours per week, and some working up to 90 hours.
The report highlights the pressures the pandemic has placed on the security sector, including:
- 53% say budgets are increasing but still falling behind / slower than threat level.
- 69% believe data risks have increased due to staff working from home.
- 65% agree that security reviews, audits and oversight processes have been more difficult.
- 66 percent also agree that the cancellation of educational events, such as training sessions, has contributed to the skills gap.
Amanda Finch, CEO of CIISec, commented: “The lockdown has had a huge impact on security professionals. The shift to remote work has not only made processes harder to manage and data harder to secure, but has also brought about a dramatic increase in threats and attacks. In addition, the survey shows that the lack of career opportunities was one of the main sources of stress. It is clear that the industry needs to do more to highlight the opportunities available and the skills and knowledge security professionals that knowledge security professionals need to advance to the next level in the career path than they have chosen. Without it, the industry will have a hard time recruiting and retaining talent, only widening the skills gap. “
In addition to the positive impact of the pandemic on the security market, for example through increased security awareness and increased spending, respondents also identified the following positive impacts on 2020:
- 59% believe the industry has improved in defending systems against attacks and protecting data.
- 62% believe the industry is improving to deal with security incidents, data loss, outages and breaches when they occur.
- 54 percent agreed that staff have a better work-life balance and more flexibility through working from home.
“It is promising that security teams can see improvements in their industry. However, it is clear that there is still a long way to go to reduce burnout and ensure cybersecurity professionals are supported in their careers. To make a change, the industry must provide continuous education and follow consistent standards to identify, measure and improve cybersecurity skills. Doing this will ultimately help ensure they are equipped with the right skills to move forward and keep pace with the changing threat landscape. “
It’s the 6e annual report on the state of the profession that looks at the challenges facing the cybersecurity industry. Other key statistics include:
- 61% think people are the biggest challenge facing the industry, up from 67% last year – this is an improvement, but obviously people are still seen as a higher risk than processes or technology.
- In terms of the most important skill sets for people joining the industry, “analytical thinking / problem solving” was ranked first.
- ‘Communication skills’ were seen as much less important for those joining the industry, potentially demonstrating a trap into which the industry as a whole falls – ‘soft’ communication skills are essential to help the business sense. broad and senior management understand the importance of security.
- Diversity issues remain a major barrier: men make up 81 percent of survey respondents, compared to 17 percent for women. While this is an improvement from the 90% male / 10% female in 2020, there is still a lot of work to be done to close the gap.
To read the full CIISec report, click here.
About the Chartered Institute of Information Security:
The Chartered Institute of Information Security (CIISec), formerly IISP, was established in 2006 to serve as a focal point for setting standards in the information security profession and to promote the availability and growth of talent for government and business. Unlike many other certifications, the institute does not accredit on knowledge alone, but requires professionals to provide proof that they have successfully practiced the skills required in the real world and that they have made their mark. evidence of meeting the highest standards. The institute works with academia to help develop new courses and pathways to the profession, as well as with corporate and government organizations to promote the growth of talent in the workplace.