The seventh version of the landmark global study exposes a highly stressful career in a difficult hiring environment where the ongoing global skills shortage impacts 65% of organizations
Newton, MA and Houston, TX, November 21, 2024—Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and the Information Systems Security Association (ISSA) announced the publication of their research study, “The Life and Times of Cybersecurity Professionals.” The report indicates that most respondents’ organizations have been impacted by the cybersecurity skills shortage and that cybersecurity professionals’ work environments are growing increasingly difficult—making a highly stressful career even more stressful. Further, the report’s most significant revelation is that organizations don’t provide adequate support for their cybersecurity programs, or the professionals tasked with executing them.
The seventh edition of this study (available as a free eBook download) sought to assess the career progression of cybersecurity professionals, determine cybersecurity professionals’ job and career satisfaction, measure the impact of the global cybersecurity skills shortage, uncover the state of cybersecurity culture, and monitor the status and performance of cybersecurity leadership. ESG and ISSA believe the findings can help business and IT leaders with personnel management and cybersecurity defenses, as well as aid cybersecurity professionals with career management.
“While cybersecurity professionals remain dedicated to the mission at hand, they continue to fight an uphill battle,” stated Jon Oltsik, analyst emeritus at TechTarget’s Enterprise Strategy Group and the author of the report. “The good news is that this year’s research follows a consistent pattern: Organizations with a strong cybersecurity culture that empower the CISO and collaborate with and support the cybersecurity staff can not only improve security efficacy and efficiency but also create a harmonious and healthy work environment for cybersecurity teams.”
Highlights of the research findings include:
· A career in cybersecurity can be difficult as challenges continue to grow. In fact, 65% of respondents believe that working as a cybersecurity professional has become more difficult over the past two years, and most state their job is stressful at least half the time. The top sources of cybersecurity practitioners’ angst include an increase in cybersecurity complexity and workload, a growing attack surface leading to more cyber-threats, and an increasingly complex regulatory compliance landscape. The most stressful aspects of the profession cited are an overwhelming workload, working with disinterested business managers, and lack of security oversight in IT projects. Due to high job stress, two-thirds of cybersecurity professionals are actively considering leaving their current job, while more than one-third are contemplating leaving the cybersecurity profession entirely.
· Job satisfaction goes beyond compensation and is tied to organizational culture and leadership. Fewer than half of cybersecurity professionals said they are very satisfied with their current role¾ a cause for concern considering the global cybersecurity skills shortage. This study found that cybersecurity job satisfaction is driven by business leadership commitment to strong cybersecurity, financial compensation, and other types of support and financial incentives. The emphasis on cybersecurity leadership reflects the importance of a strong cybersecurity culture. Unfortunately, nearly three-quarters of cybersecurity professionals have had at least one job where the organization didn’t understand or fund cybersecurity well. And nearly half of respondents state that the lack of leadership commitment to cybersecurity has led them to consider leaving the field.
· Investing in culture and training can prevent avoidable cyber-risks and improve organizations’ cybersecurity programs. In a progressive organization with an advanced culture, cybersecurity is everyone’s job. However, only 35% of respondents said they work at an organization with an advanced culture of shared responsibility. Cybersecurity professionals state that investing in appropriate resources, additional training for cybersecurity and IT professionals, and creating a better cybersecurity culture throughout the organization are vital to program improvement.
· The global cybersecurity skills shortage continues to impact the majority of organizations as companies lag in effective responses and human resources (HR) mishandles recruiting. Sixty-five percent of organizations claim to be impacted by the cybersecurity skills shortage, and alarmingly, 37% of survey respondents believe the cybersecurity skills shortage has worsened over the past two years. Persistent skills shortages contribute to an increased workload for the cybersecurity team, an inability to fully learn or utilize some cybersecurity technologies to their full potential, and a high burnout and/or attrition rate among staff, according to respondents. Along with a shortage of qualified candidates, nearly half of respondents believe that their HR department mismanages recruiting and hiring from a limited number of strong candidates. Thirty-nine percent of respondents state that HR and recruiters need to be better educated on cybersecurity needs to effectively target recruitment efforts.
· CISO success hinges on top-notch leadership and communication skills. Respondents state that mastering communications and leadership skills is paramount for CISOs to thrive in their roles and drive meaningful cybersecurity outcomes for their organizations. This success also demands a strong relationship between security and business executives; however, the study found that nearly one in four CISOs don’t interact with executives or boards of directors as much as they should. Many boards and leadership teams remain content with the status quo and are not getting involved in cybersecurity beyond supporting basic protections.
“ISSA firmly believes that organizations must prioritize building strong leadership within their cybersecurity departments to address the increasing levels of stress and broad range of challenges facing cybersecurity professionals. At the same time, ISSA hopes enterprises invest in a culture that embraces strong security principles, supports cybersecurity teams, and empowers cybersecurity professionals to ensure better outcomes in both security and retention,” stated Jimmy Sanders, president, ISSA International. “At ISSA, we are dedicated to advancing these conversations and driving change for a healthier, more resilient cybersecurity workforce.”
The Life and Times of Cybersecurity Professionals (Volume 7) is available for free below. The eBook should also help cybersecurity professionals with career advice and guidance.
Downloads
Downloads
About
ISSA
The Information Systems Security Association (ISSA)™ is the community of choice for international cyber security professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries – from communications, education, healthcare, manufacturing, financial and consulting to IT – as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Follow us on LinkedIn.
Click on the link to learn more about ISSA.
TechTarget's Enterprise Strategy Group
TechTarget’s Enterprise Strategy Group is an integrated technology analysis, research, and strategy firm providing market intelligence, actionable insight, and go-to-market content services to the global technology community. It is increasingly recognized as one of the world’s leading analyst firms in helping technology vendors make strategic decisions across their go-to-market programs through factual, peer-based research. TechTarget, Inc. (Nasdaq: TTGT) is the global leader in purchase intent-driven marketing and sales services focused on delivering business impact for enterprise technology companies.
Click on the link to learn more about TechTarget's Enterprise Strategy Group.
Media Contact
- Kesselring Communications
- Leslie Kesselring
- leslie@kesscomm.com
- (503) 358-1012