Lack of Diversity and Career Burnout Blights Infosec Industry

Written by

A lack of diversity and excessive workplace pressure are two of the top challenges for the IT security industry, according to a new study from the Chartered Institute of Information Security (CIISec).

Compiled from interviews with 445 UK industry professionals, The Security Profession 2019/2020 report revealed that over half (54%) had left a job because of overwork or burnout, or worked with someone who had.

The problem appears to be tied to industry skills shortages which leave many practitioners overwhelmed with work, especially during holidays and busy periods.

Almost two-thirds (64%) of respondents said their employers simply hope they can cope with fewer resources when necessary, whilst 51% let routine or non-critical tasks slip. This was certainly the case during the mass shift to remote working in early 2020.

Amanda Finch, CEO of CIISec, warned that the current crisis would likely put security pros under more pressure given the impact on budgets and ways of working.

“Unless the industry can learn how to do more with less while also addressing issues of diversity and burnout, risks will rise and organizations will suffer. To avoid this, we need the right people with the right skills, giving them the help they need to reach their full potential,” she added.

“This doesn’t only apply to technical skills, but to the people skills that will be essential to giving organizations a security-focused culture that can cope with the growing pressure ahead.” 

The signs don’t look good: 82% of respondents told CIISec that security budgets are not keeping pace with rising threat levels – whether because they’re rising too slowly, staying the same or falling.

A related challenge facing the profession is its continued lack of diversity. According to (ISC)2, just 24% of the global cybersecurity workers are female.

CIISec warned that a pronounced gender pay gap continues to afflict the industry in the UK.

For example, 37% of women earned less than £50,000 per year, compared to 21% of men, and only 15% of women earned more than £75,000 per year, compared to 39% of men, the study found.

Just 5% of women earned more than £100,000, versus 18% of men, and no women were paid more than £125,000 per year but 12% of men were.

“Addressing a lack of diversity in the industry isn’t only a matter of fairness,” continued Finch. “It also unlocks the skills and talents of a whole range of people who could collectively rejuvenate the industry and help reduce the huge pressure many security teams are under.”

What’s hot on Infosecurity Magazine?