Information security professionals are more concerned about day-to-day stress and lack of career progression than suffering a cyber-attack, a new study has found.
The UK’s Chartered Institute of Information Security (CIISec) polled over 300 industry professionals to compile its 2021/22 State of the Profession report.
It revealed that a third (32%) of respondents are kept awake by job stress, and a quarter (25%) by lack of opportunity, but only a fifth (22%) by their organization suffering a cyber-attack.
Worryingly, nearly half (49%) reported that they do not follow the UK Government’s best practice Cyber Essentials scheme, and just 20% have formally adopted the National Cyber Security Centre's (NCSC) “Ten steps to cyber security” guidance.
As for causes of workplace stress, 70% of respondents said “people” are the biggest challenge they face in security, compared to technology (17%) and process (13%).
There are also question marks over why so many feel lack of opportunity is causing them to lose sleep. A third (33%) of respondents said their job prospects have actually improved because of the pandemic, with only 4% saying their prospects have worsened.
However, most said they have encountered barriers to career progression – including a lack of confidence in their own ability (38%), lack of support or mentoring (38%), an assumption they lack skills for roles (36%), a feeling of being unwelcome or unaccepted (28%), and a lack of training opportunities (28%).
The sector also still suffers from a diversity problem, despite 90% of cybersecurity professionals feeling their organizations value people of all cultures and backgrounds.
The report found that 38% of organizations have not implemented development programs to attract women or promote those already in it, and a further 5% have tried but failed. A fifth (21%) could not say they would feel comfortable raising concerns about harassment – whether about themselves or others.
CIISec CEO, Amanda Finch said the industry will stagnate if it doesn’t prioritize diversity and inclusion.
“By understanding and highlighting the variety of roles within cybersecurity, the industry can start to attract a diverse range of people. From forensics to threat intelligent to researchers, there are opportunities out there for everyone,” she claimed.
“At the same time, the industry doesn’t only need to attract people from diverse backgrounds, but also create a culture that is inclusive. Cybersecurity can no longer be viewed as a ‘boys only club’ where technical skills are valued above all. We need to move away from this and keep creating a culture where everyone can thrive, feel valued and be accepted.”