This article is more than 1 year old

Infosec pros can secure IT, but have harder time securing job satisfaction

Industry facing burnout scare as workplace issues snowball

The proportion of cybersecurity professionals reporting low "happiness ratings" has risen sharply over the last 12 months, raising concerns about increasing burnout rates in the industry.

According to 14,865 global infosec workers surveyed by ISC2, the largest portion (36.9 percent) fall into the "low employee experience" bracket, indicating low levels of happiness at work.

By contrast, the proportion of workers that fell into the medium and high employee experience brackets was recorded at 31.8 percent and 31.3 percent respectively.

The data indicated overall workplace happiness is falling across the board, with both medium and high-satisfaction ratings dropping and "low satisfaction" ratings the only bracket that grew, increasing by more than five percent.

That isn't to say cybersecurity practitioners aren't satisfied with their work – the vast majority (70 percent) reported either being somewhat or very satisfied with their job. The key factors at play appear to be cultural.

Issues such as departmental cutbacks, the ever-looming threat of layoffs, and lack of managerial support were cited as the main reasons contributing to a reduction in overall happiness.

"Having a strong culture within cybersecurity is critical for organizational success. Happy workers are more motivated, more focused, and are less likely to make mistakes," ISC2 said in its report.

"Building effective culture is harder than ever during times of economic uncertainty. Hiring and promotion freezes, budget cuts, and layoffs loom large in workers' minds, and organizations need to scramble to keep their workers from burning out."

The data suggests that the threat of layoffs may have a more profound impact on a cybersecurity pro's job happiness than the layoffs that have already happened and the ongoing skills shortages.

Those employed at companies where cybersecurity positions had already been eliminated reported an overall happiness score of 46 out of 100, compared to a score of 55.5 for those in security teams that were entirely unaffected by this year's wave of layoffs.

However, those who expect job losses to come in the next 12 months reported a happiness score of just 38.9 compared to those who don't expect any layoffs, with the latter group scoring 59.5.

"68 percent of those who experienced layoffs said those layoffs significantly hurt team morale, and 62 percent reported that cybersecurity cutbacks have a negative effect on productivity," ISC2 said.

In addition to worrying about job security, while they're on the clock workers are facing increased workloads due to the cross-industry downsizing.

The majority of pros (71 percent) reported a heavier workload in the past year, with the most commonly cited pain points being excessive emails and tasks, and lack of resources to do the job effectively, as well as staffing and skills-related issues.

Both the overabundance of emails and tasks, and the general feeling of being overworked, were reported in significant numbers by staff at organizations that were suffering from personnel and skill shortages, as well as those at organizations that suffered from neither of these issues.

A much larger gap in reporting was observed when looking at the adequacy of resources available to workers at organizations struggling with staff numbers and skills. Nearly half (42 percent) of respondents said resources were an issue compared to just 13 percent at well-staffed and sufficiently skilled organizations.

While being overworked negatively contributed to employee happiness, more relevant was the quality of management. Such issues weren't as common across the board as heavy workloads, but those with managers who either didn't support or respect their workers most often reported the lowest levels of workplace satisfaction.

Morale was identified as one of the most important factors to maintain in order to keep a cybersecurity workforce happy, and when poor management meets a lack of resources, be it in staff, skills, or adequate tooling, trust in the organization drops along with morale.

"When cybersecurity professionals are not given the tools and resources they need to succeed, it usually leads to lost trust between management and the workforce," said ISC2.

"Those at organizations with staffing shortages and skills gaps are considerably more likely to report a lack of support from managers/executives, a feeling that their employers don't value – or even listen to – their input, and more."

Global security skills gap continues to worsen

Away from the doom and gloom, there are positives in the cybersecurity skills space – this year in general we have plenty more individuals getting paid to keep systems secure. 

This year's estimated total number of security pros has risen 8.7 percent to 5.4 million, with growth particularly evident in North America and Japan with respective rates of 11.3 and 24 percent year-on-year.

The Middle East and Africa also both reported growth of more than 11 percent, but this year's study considered responses from Saudi Arabia, the United Arab Emirates, Nigeria, and South Africa for the first time, so the year-on-year results are based on estimates for these four and therefore may not be entirely reflective of the entire regions.

Only a handful of countries reported a decline in hiring growth: Mexico and Germany saw slight reductions with -1.2 and -1.9 percent respectively. Singapore's growth shrank a tiny -0.6 percent, while Australia's slowed the most at -3.4 percent.

Although hiring is up almost everywhere, that industry skills gap has grown wider again – as it seems to every year – this year by 12.6 percent, according to ISC2's estimates.

Fractionally shy of 4 million, the 440,000 newly created jobs this past year across the world haven't made a dent in the shortage the industry faces.

A common misconception is that the skills gap refers to the number of unfilled jobs, when really it refers to the calculation of jobs that should exist based on the cybersecurity needs of global organizations.

The economy-related layoffs and cutbacks, and in some cases the AI-related job losses that are already either taking place or being strongly considered, haven't helped the situation, which is showing no sign of easing any time soon. ®

More about

TIP US OFF

Send us news


Other stories you might like