Half of cyber security practitioners claim that work-related stress keeps them awake at night, according to a new study.
Worries over growing professional workloads were identified as one of the main sources of stress for security staff alongside the looming threat of a cyber attack on their organization.
The findings, contained in the Chartered Institute of Information Security's (CIISec) 2022/2023 State of the Profession report, highlight the intense pressure placed on security staff amidst a period of escalating threats.
CIISec said the security industry is “still plagued by issues including stress and overwork”, with nearly one-quarter (22%) of respondents working more than 48 hours per week.
8% were found to work more than 55 hours each week, which marks a critical boundary between safe and unsafe working practices, according to the World Health Organisation.
CIISec chief executive Amanda Finch said the findings are a serious cause for concern and urged organizations to place greater focus on supporting security staff.
And those who fail to acknowledge the pressure practitioners face could lose vital talent during a period fraught with well-publicized skills shortages.
“The industry cannot rest on its laurels,” she said. “It must do more to ensure talent is properly supported and not burnt out. Key to this will be equipping them with the right skills, and attracting fresh blood into the industry to ensure teams aren’t put under undue pressure.”
Cyber security's "always on" culture
There have been long-running concerns over work-related stress and the pressure of jobs in the security industry. Nearly half of CISOs and senior InfoSec professionals could leave the industry in the next five years due to stress, Gartner revealed in a February 2023 study.
Tessian separately found the demands placed on senior practitioners have led some to work excessive hours and even missing life events, or canceling holidays.
Discover how you can comply with multiple regulations and industry standards
DOWNLOAD FOR FREE
On average, CISOs were found to work 11 extra hours per week due to the demands placed on them, Tessian found.
Around 91% of security professionals also revealed they feel increasingly stressed in their role, according to the 2022 Voice of SecOps report.
In June, senior security leaders told ITPro the industry must address the “always on” culture that plagues the profession. Leaders warned that discussions around mental health and wellbeing are few and far in between across the industry, which is perpetuating negative workplace cultures.
Economic risks and pressures
Macroeconomic conditions were also found to be a concern among security practitioners. Respondents told CIISec the current economic climate will lead to – or has already created – additional risks for organizations.
More than three-quarters said they were worried about fraud-related risks while 58% of respondents highlighted insider threats as a key concern.
Practitioners were less concerned about the economic impact on jobs, CIISec found. Security professionals actually revealed a positive outlook about the industry and opportunities in the space despite ongoing challenges.
Almost 80% said they have ‘good’ or ‘excellent’ career prospects, and more than 80% said the industry is ‘growing’ or ‘booming’.
Finch suggested the current threat landscape means the security profession is more or less “recession-proof” due to the growing necessity of security-related skills at organizations of all sizes.
“It’s good to see cyber security professionals are positive about their career prospects,” she said.
“The cyber security industry is thriving. It has many opportunities for people from almost any background, and the need for cyber security is greater than ever as threats continue to rise – making a critical function essentially recession-proof.”
