Fifth of UK Cybersecurity Pros Work Excessive Hours

Written by

The UK’s cybersecurity professionals believe they have excellent career prospects and are employed in a “booming” sector, but many are working unsafe hours, according to a new report from the Chartered Institute of Information Security (CIISec).

Published today, the institute’s 2022/2023 State of the Profession report is compiled from interviews with 302 security professionals.

On the positive side, 80% said they have “good” or “excellent” career prospects, and over 84% claimed the industry they work in is “growing” or “booming.”

However, more than a fifth (22%) work over the 48 hours per week that marks the upper limit stipulated by the government. Although individuals can opt out, in theory this limit is set to ensure the health, safety and wellbeing of workers.

The report found that 8% work more than 55 hours per week, which the World Health Organisation (WHO) deems “a serious health hazard.”

Perhaps unsurprisingly, half (50%) of respondents said their workload keeps them awake at night, a far greater share than said the same about suffering a cyber-attack.

Read more on CIISec: Government to Fund Security Studies for Hundreds of Students

“The cybersecurity industry is thriving. It has many opportunities for people from almost any background, and the need for cybersecurity is greater than ever as threats continue to rise – making a critical function essentially recession-proof,” argued CIISec CEO, Amanda Finch.

“However, the industry cannot rest on its laurels: it must do more to ensure talent is properly supported and not burnt out. Key to this will be equipping them with the right skills, and attracting fresh blood into the industry to ensure teams aren’t put under undue pressure.”

It doesn’t help that many professionals are leaving their roles due to poor pay and working environments. Renumeration was the number one driver for security practitioners to seek employment elsewhere, followed by scope for progression, bad or ineffectual management, boring work and atmosphere, and issues with colleagues.

The report also revealed concerns among security professionals that the deteriorating economic climate will lead to increased cyber-risk. A majority of respondents flagged fraud (78%) and insider threats (58%) as potential challenges.

In fact, most (71%) identified “people” as the biggest challenge in security, followed by process (21%) and technology (8%).

Interestingly, most also claimed the industry is facing a shortage of skills rather than people, hinting that better training could help alleviate challenges in this area. Analytical and problem-solving skills were identified as the most important, followed by communication, and then technical skills.

“Traditionally, the cybersecurity industry has been seen as a super-technical career. However, as we can see it is much more than that,” argued Finch. “It demands social, managerial, investigative and even financial capabilities. The industry must start doing better at advertising the opportunities to use different skills to broaden cybersecurity’s appeal.”

What’s hot on Infosecurity Magazine?