Cybersecurity professionals enjoy their roles and recognize the impactnof greater diversity, but the potential for downsizing can underminenmorale.
nnThe cybersecurity workforce is a positive place to be. A key takeaway fromnournnannual Cybersecurity Workforce Studynnis that the majority of respondents remain happy about their level of jobnsatisfaction. Yet, the profession is not immune from the impact of widerneconomic pressures. Despite being a highly robust profession with a strongnratio of demand to workforce, 2023 recorded the first, albeit small, drop inncybersecurity job satisfaction in the face of cost of living and inflationnpressures, along with concerns over downsizing.n
nnAlongside this, the significance of corporate culture was also underscorednby the fact that those organizations which focused on diversity, equity andninclusion initiatives generally had more effective and content workforces.n
nn
nHow Cybersecurity Employees Perceive the Workplace
nn
nnWe introduced employee experience (EX) as a measurement in 2022 in a bid tonunderstand cybersecurity professionals’ overall satisfaction and worknexperience. The measure covers issues like engagement, burnout rates, andnfair evaluation, amongst others.
n nnThe figures showed that the average numbers of cybersecurity professionalsnreporting “high” and “medium” experience slipped slightly between 2022 andn2023, from 32.6% to 31.3%, and 35.6% to 31.8% respectively. This means thatn36.9% of workers reported a “low” level of employee experience, an upticknfrom 31.7% a year ago.n
nnNonetheless, overall job satisfaction remains high, with 70% of workersnsaying they are very or somewhat satisfied in their roles, this remains ansubstantial majority recognizing that their workplace is positive, with onlyna four-point slip on the previous year. Meanwhile, 12% were somewhatndissatisfied, with 4% very dissatisfied.n
n nWorkers were generally very happy with their work, their immediatencolleagues, and wider cybersecurity and technology organizations – thoughnnot quite as happy as a year ago before the effects of geopolitical andneconomic disruption relating to the Ukraine conflict and elsewhere had yetnto be fully realized.n
nn
nThe Happiness Gap
nn
nnCybersecurity is not completely insulated from the effects of broaderneconomic turmoil, despite being arguably far more resilient than most due tonits extensive global and regional skills supply and demand imbalance.nRegardless of profession, economic pressures tend to have a direct impact onnmorale. Workers in organizations that have had layoffs in 2023 had annaverage EX rating of 46, compared to 55.5 in organizations that had not seennlayoffs.
n nnUncertainty might be considered part and parcel of the cybersecurity world,nwhere threats and challenges change every daily or more often, but it seemsnthe prospect of layoffs impact morale more than the actuality. Workers whonexpect layoffs in their cybersecurity organization in the year aheadnexpressed EX ratings of just 38.9 on average, while those in orgs notnexpecting layoffs showed the highest EX rate, at 59.5. Over two thirds ofnthose who had experienced cutbacks reported that the action hadnsignificantly hurt team morale.n
nnOver 70% said cutbacks would mean increased workloads. Almost a third ofnrespondents said “too many emails/tasks” was the biggest factor impactingntheir job satisfaction. It was closely followed by “overwork due to staff ornskill shortages”, with a quarter of respondents citing the fact their teamnhad “inadequate resources to sufficiently protect the company”.n
nnAgain, the effect was more pronounced in organizations with staff shortagesnand skills gaps. As our report showed elsewhere, skills shortages present anbigger problem than people shortages, as the former can leave gaps thatncan’t always be covered simply by redeploying existing team members fromnelsewhere in the organization.n
nnThe report concluded “the thing that really hurts worker morale is a lack ofnsupport and respect from the organization” with the most negativelynimpactful issue being “my employer does not value or listen to my work”,nassociated with a 36.9 EX average rating, echoing the finding in last year’snreport.n
nnIt is a reflection of how organizational culture plays an important role innjob satisfaction, and by implication the effectiveness of a security team.n
nn
nStrength in Diversity
nn
nnAn organization’s approach to diversity, equity and inclusion is annimportant contributor to boosting and maintaining a cybersecurity team’snmorale. It has a direct link to its effectiveness. The study showed positivenchange, that the cybersecurity workforce is becoming more diverse, thoughnthis is happening faster across race/ethnicity than it is around gender. Innthe US, Canada, Ireland, and the U.K., 70% of cybersecurity workers over 60nwere white men. In the under 30 range, the figure was 37%. Two thirds of newnentrants in those countries were non-white.
n nnHowever, women represent just over a quarter of the entire respondent basenunder 30, with 18% of respondents under 30 being non-white women.n
nnThere is a practical element to this. Almost 70% of cybersecuritynprofessionals reported that an inclusive environment was important for theirnteam to succeed, while just over half said diversity within the securitynteam had contributed to the team’s success.
n nnAt the same time, just over a quarter (27%) said their company was not doingnenough to address DEI issues, and a fifth said they felt discriminatednagainst within their workplace. This was countered by positive responses,nwith over half (51%) acknowledging the importance of DEI for their securitynteam, and a similar majority (53%) acknowledge DEI for being a successnfactor for the cybersecurity team.
n nnThe uptake of DEI measures remains modest, with less than half (46%) ofnrespondents saying their organizations had DEI training, and almost one innten saying their organizations have no DEI initiatives at all.n
nnHowever, there was one DEI initiative that had a clear impact onncybersecurity effectiveness. Skills-based hiring was mentioned as a DEIninitiative by 40% of respondents. This delivered clear benefits, for examplenin terms of recruiting women into cybersecurity roles.
n nnMoreover, together with the introduction of job descriptions that refer tonDEI programs, this meant that respondents were more likely to agree thatntheir organization had “the tools and people they need to ensure thenorganization is prepared to respond to cyber incidents over the next two tonthree years.”n
nn
nWhat Does This Mean for Members?
nn
nnIt’s important then for members, be they team members or management, tonrecognize that culture and diversity issues have a real positive bearing onna cybersecurity team’s effectiveness, and by implication on the security ofnthe organization, when in place.n
nnIn a time of economic and geopolitical uncertainty, positive DEI practicesncan help teams and organizations. Embracing a far broader talent pool isncritical in ensuring that you have the right balance of skills needed tonoperate effectively during difficult and unpredictable situations. Doing soncan bring in new approaches to problem solving, understanding of differentnmarkets and cultures, and provide the business with a wider-reaching andnmulti-layered view of the environment, the challenges, the motivations andnhow best to combat them.n
nnIn addition, the long-term effects are exceedingly valuable. A workplacenwhere all cybersecurity professionals feel comfortable keeps workers happy,nensures productivity is high and reduces staff churn. In most cases, itncosts far less financially and in terms of disruption to retain someone thannto recruit a replacement.n
nnThe upshot is that the report advises organizations to “listen to your staffn– don’t work against them. A workplace where all cyber securitynprofessionals feel comfortable keeps workers happy, productivity high andnattrition low.”
n- n
- The full report for 2023 can be downloaded atn n https://www.isc2.org/research, along with the Cybersecurity Workforce Study reports from previousn years for further comparison. n
- A preview session on the Cybersecurity Workforce Study findings tookn place at ISC2 Security Congress in October 2023. This is nown available for on-demand replay atn n https://events.isc2.org/ n
- Join the conversation – let us know your thoughts on the findingsn over in then n ISC2 Community n