The sixth version of the landmark global study shows escalating career complexities and job discontent faced by cybersecurity professionals while the ongoing global skills shortage impacts 71% of organizations
Newton MA and Vienna VA (September 6, 2023)—Enterprise Strategy Group, a division of TechTarget and ISSA announced the publication of its research study titled, “The Life and Times of Cybersecurity Professionals.” The sixth edition of this project (published as an eBook this year) sought to assess the career progression of cybersecurity professionals, determine whether cybersecurity professionals are satisfied with their jobs and careers, measure the impact of the global cybersecurity skills shortage and uncover organizations’ response to it, and monitor the status and performance of cybersecurity leadership. The report reveals that the cybersecurity skills crisis continues in a multi-year freefall that has impacted 71% of organizations and left two-thirds of cybersecurity professionals stating that the job itself has become more difficult over the past two years—while 60% of organizations continue to deflect responsibility.
The report findings include:
· A career in cybersecurity is becoming more difficult in an increasingly challenging environment. Nearly two-thirds (66%) of respondents believe that working as a cybersecurity professional has become more difficult over the past 2 years, with close to a third (27%) stating that it is much more difficult. Internal issues like workload complexity, staffing shortages, and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult. Most (81%) respondents cite the increase in cybersecurity complexity and workload as the reason their careers are more difficult now. Over half (59%) point to the increase in cyberattacks due to an expanding attack surface and 46% state that their cybersecurity team is understaffed. Almost half (43%) agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Nearly one-in-ten (8%) of cybersecurity professionals have experienced one or several disruptive security events at their organization that have made their work more difficult.
· Most cybersecurity professionals aren’t very satisfied with their career choices. Cybersecurity professionals face daily job stress like an overwhelming workload, working with disinterested business managers, falling behind business initiatives, and keeping up with the security needs of new IT projects. Little wonder then why less than half of security pros are very satisfied with their current jobs, and 50% of security pros claim it is very likely, likely, or somewhat likely they leave their current job this year.
· The global cybersecurity skills shortage continues unabated. Most organizations (71%) report that they’ve been impacted by the cybersecurity skills shortage—a dramatic increase from 57% in the last study, leading to an increased workload for the cybersecurity team (61%), unfilled open job requisitions (49%), and high burnout among staff (43%), according to respondents. Further, nearly all (95%) respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has only gotten worse. When asked to identify areas where the security skills shortage is most acute, respondents pointed to application security, cloud security, and security analysis and investigations. A majority of respondents (60%) believe that their organization could be doing more to mitigate the cyber skills shortage, with over one-third (36%) stating that they could be doing much more. Respondents say that their organizations could be taking steps like increasing security professional compensation, providing advanced non-monetary incentives, educating HR professionals and recruiters, and increasing their commitment to cybersecurity training as ways to better address the ongoing skills shortage.
· CISOs must lead the charge. When asked to identify the qualities that make CISOs successful, nearly three-quarters (71%) pointed toward leadership or communications skills. CISO effectiveness varies – 31% of respondents claim their CISO is very effective, 40% believe their CISO is effective, and 26% say their CISO is somewhat effective.
Survey respondents were also asked how their organizations could improve their overall cybersecurity programs. The top responses included increasing cybersecurity training for IT and security professionals, striving to improve the organization’s cybersecurity culture, hiring more staff, increasing the cybersecurity budget, and improving basic security hygiene and posture management.
“For a majority of organizations, cybersecurity continues to be treated as a cost center or compliance mandate versus a business enabler or growth driver,” said Candy Alexander, Board President, ISSA International. “Cybersecurity professionals are charged with protecting the organization while being overworked, overstressed, and understaffed. There was a point in time where organizations could get away with doing ‘good enough security,’ but those days are gone. Relentless, AI-fueled cyberattacks and expanding attack surfaces are a sampling of new problems that are going to overwhelm and overrun underinvested cybersecurity programs. Executive management needs to recognize that their business goals are only possible if cybersecurity successfully enables their business to operate in today’s threat environment day after day.”
“Cybersecurity professional jobs grow more challenging, nuanced, and specialized annually,” stated Jon Oltsik, Distinguished Analyst and Fellow, Enterprise Strategy Group. “My hope is that this eBook not only exposes these issues but also provides business leaders with some creative ways to address them. Trends like digital transformation and cloud computing combined with a progressively dangerous threat landscape are adding to the scale and complexity associated with strong cybersecurity. Understanding, supporting, and enabling our security professionals must be recognized as a foundational requirement in an increasingly digital world.”
The Life and Times of Cybersecurity Professionals (Volume 6) is available for free download on the Enterprise Strategy Group website and ISSA website. Enterprise Strategy Group and ISSA believe the data presented in the eBook can help business and IT leaders with personnel management and cybersecurity defenses. The eBook should also help cybersecurity professionals with career management.