Despite working in such a high-pressure environment, only a very small proportion of cyber security professionals (3%) struggle to get out of bed in the morning, according to a new study by Thycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organisations worldwide.
In a study of over 550 IT security decision-makers globally, being the ‘business bodyguard’ and the knowledge that they are keeping their organisation safe was the top motivator (29%), closely followed by being the upholder of ethics (25%).
On the downside, burnout and stress from long hours and pressures at work (45%) was listed as the biggest issue when it comes to retaining team members. Further, when asked about the most stressful aspect of the job, more people (42%) cited meeting the growing number of compliance and regulatory demands than lengthy shifts and need for out of hours availability (33%).
Commenting on these results, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic says, “Today, CISOs have one of the most challenging and dynamic jobs but our study clearly shows that IT professionals are content to live with this and that all they really desire is for the business to show they are valued.
“However, being are constantly on duty, ensuring the ongoing protection of their company’s assets, educating the rest of the business and keeping their finger on the pulse when it comes to the latest compliance mandates and regulations does take its toll.
“Against this backdrop, it is not surprising that levels of burnout and stress are relatively high.” he continued. “This also has a knock-on effect on the cyber security skills shortage, as potential new talent is put off the industry choosing instead to seek an equally exciting but less stressful career.
“To relieve the pressure on existing cyber security professionals and entice new talent into the field, it is imperative that all employees within a business view security as fundamental and understand the business value of it. Promoting a culture in which employees are never afraid to report a potential cyber security issue is also crucial, as the earlier a problem is reported, the less the impact in terms of stress and cost to the business.”