The Chartered Institute of Information Security (CIISec) are an organizational focal point for the setting of standards across the Information Security profession. Each year, they conduct a “State of the Security Profession” survey, seeking insight into the mindset and trends within the sector.
In this report – the fifth annual turnout – its short, thematically structured questions prompted candid takes on poor resources, tight budgets, high regulatory pressures and increasing threats.
2020’s iteration of the survey had more respondents than ever before, earmarking cybersecurity risk management as an increasingly vital enterprise, and understandably so.
With regulatory fines on the rise (in value and notoriety), consumers are keeping a keen eye on the privacy of their data, and are increasingly intolerant of mishandling or carelessness from the custodian; this gives rise to a number of the pressures outlined in the report.
Shrinking security spend
The CIISec report reveals that overwork and burnout are very real issues for the IT security industry in 2020, with 54% of respondents either leaving their role due to overwork or burnout, or knowing someone who has.
One reason for this is a lack of funding; 82% of respondents said security budgets were not keeping pace with rising threat levels.
With security spend either shrinking or struggling to stay afloat amidst a sea of risk, security teams are subsequently either smaller or stretched too thin. The result is a stark rise in stress levels, which in turn proves risky to organisations. Amanda Finch, CEO of CIISec, points to the increased pressure that will inevitably result from Covid-19, too, complete with its “profound effects on businesses’ budgets and ability to operate”.
To mitigate, “we need the right people with the right skills, giving them the help they need to reach their full potential”.
To the question “how do companies deal with busy periods?”, the following responses emerged:
Hope to cope with fewer resources – 64%
Let routine or non-critical tasks slip – 51%
Incentivise existing staff to cover tasks (e.g. through overtime) – 9%
Increase resources (i.e. hiring additional short-term staff) – 4%
The outlook for security budgets isn’t all that positive. Finch highlights the importance of “the industry learning how to do more with less.” Her claims – alongside the wider context of the report – give extra weight to the findings of the TechHQ team, which recently documented the need for ‘more cash and more people’ in cybersecurity.
Source: Tech HQ