Inadequate security budgets, rising threat levels, and manpower shortage are placing a heavy burden on IT security professionals, so much so that many of them are either suffering from overwork or burnout or have seen their colleagues go through the same experience.
A survey of 445 IT security professionals carried out by the Chartered Institute of Information Security (CIISec) has revealed how such professionals are suffering from increasing stress occurring due to a lack of manpower, increasing threat levels, a lack of incentives, a lack of diversity and equal pay, and limited security budgets.
The survey found that stress usually increases during holidays or busy periods when security teams are either smaller or stretched thinly. During such times, 64% of security professionals said that their organisations hope to cope with fewer resources when necessary and 51% said their organisations would let routine or non-critical tasks slip.
One of the major concerns of a vast majority of IT security professionals is that security budgets are not keeping pace with rising threat levels, with only 7% of them stating that their organisations' security budgets have outpaced existing threat levels. Aside from a lack of budgetary support, many security professionals are forced to quit their jobs due to a lack of opportunity or progression, unpleasant or bad management, and poor remuneration.
“Sadly, security teams are only likely to come under more pressure in 2020, as the COVID-19 outbreak and its aftermath have profound effects on businesses’ budgets and ability to operate. Unless the industry can learn how to do more with less while also addressing issues of diversity and burnout, risks will rise and organisations will suffer,” says Amanda Finch, CEO of CIISec.
“To avoid this, we need the right people with the right skills, giving them the help they need to reach their full potential. This doesn’t only apply to technical skills, but to the people skills that will be essential to giving organisations a security-focused culture that can cope with the growing pressure ahead,” she adds.
Women are still underrepresented and underpaid in cyber security roles
The survey also found that even though the percentage of women in cyber security roles has doubled since 2015, they still make up only 10% of the workforce. What's worse is that women are still earning significantly less than men despite having the same level of education and experience.
For instance, not a single woman among those surveyed earned more than £125,000 per year even though 12% of the suurveyed men did. Similarly, while 18% of men earned more than £100,000 per year, only 5% of women did so, and only 15% of women earned more than £75,000 per year, compared to 39 percent of men.
“Addressing a lack of diversity in the industry isn’t only a matter of fairness. It also unlocks the skills and talents of a whole range of people who could collectively rejuvenate the industry and help reduce the huge pressure many security teams are under.
“We need to do all we can both to attract new blood to a career in security, and to ensure those already in place want to stay there. Understanding why people join – and why they leave – is the beginning of building a resilient workforce that can face the challenges ahead,” Finch adds.
Commenting on the survey's findings, Dr.Kiri Addison, head of Data Science for Threat Intelligence and Overwatch at Mimecast, said that it is alarming to see so many CISOs feeling undervalued, as they will always have an important role to play but the pandemic has highlighted their importance more than ever. CISOs need to consider themselves guardians of the company’s brand image, especially at a time when brand spoofing is so prominent.
"CISO’s must continue advocating the importance of cyber security to the organisation and demonstrate its value to the board. It’s also important that CISO’s look to declutter their security environment and make sure they are getting the most out of solutions that they have invested in and that might require doing a full audit," Addison added.
ALSO READ: Amid rising stress levels, 50% of cyber security professionals choosing vCISO as career option