Report: Are cybersecurity professionals burnt out?

CIISec’s 2020/21 State of the Profession report, which surveyed 557 security professionals, found that stress and burnout have become a major issue during the COVID-19 pandemic. 

Over half (51%) of cybersecurity professionals are kept up at night by the stress of the job and work challenges, according to the report. This is partly due to overwork, the study found almost half (47%) of respondents work 41+ hours a week, with some working up to 90.

Additionally, 80% said that staff across organisations have been more anxious or stressed during the crisis. This could cause concern as numerous studies have demonstrated that people are more vulnerable to being duped by cyber-criminals while feeling stressed or burnt out.

Pressures on the cyber industry 

The study also analysed other pressures the pandemic has placed upon the security industry.

While more than half (53%) of cybersecurity pros said their budgets are rising, this is not enough to keep up with their organisations’ threats. More than two-thirds (69%) believe that risks to their organisation’s data have increased due to staff working from home.

Additionally, 65% said that the pandemic made security reviews, audits, and overseeing processes more difficult.

Amanda Finch, CEO of CIISec, commented: “Lockdown has had a considerable impact on security professionals. The move to remote working has not only made processes harder to manage and data harder to secure but has been accompanied by a huge rise in threats and attacks.”

Encouragingly, the pandemic appeared to have some positive impacts regarding security awareness and increased expenditure. Around three-fifths (59%) of cybersecurity professionals think the industry has got better at defending systems from attacks and protecting data during 2020, and 62% said the sector had improved its response to security incidents, data losses, outages and breaches when they occur.

Having the right skill set for the sector 

The respondents were also asked about what they felt were the most important skillsets required for those joining the industry. Analytical thinking/problem-solving was ranked top, while communication skills were viewed as much less important.

66% agreed that the forced cancellation of education events, including training sessions, has widened the skills gap in the sector.

“..The survey shows a lack of career opportunity was one of the top sources of stress. It’s clear the industry needs to do more to highlight the available opportunities and what skill sets and knowledge security professionals need to move to the next level on their chosen career path. Without this, the industry will struggle to recruit and retain talent, only widening the skills gap,” added Finch.