Security leaders' career struggles were analyzed in a recent Enterprise Strategy Group (ESG) report. According to the report, a career in cybersecurity is becoming more difficult in an increasingly challenging environment.

Nearly two-thirds (66%) of respondents believe that working as a cybersecurity professional has become more difficult over the past 2 years, with 27% stating that it is much more difficult. Internal issues like workload complexity, staffing shortages and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult. Most (81%) respondents cite the increase in cybersecurity complexity and workload as the reason their careers are more difficult now. 

Over half (59%) point to the increase in cyberattacks due to an expanding attack surface and 46% state that their cybersecurity team is understaffed. Almost half (43%) agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Eight percent of cybersecurity professionals have experienced one or several disruptive security events at their organization that have made their work more difficult. 

According to the report, most cybersecurity professionals aren’t very satisfied with their career choices. Cybersecurity professionals face daily job stress like an overwhelming workload, working with disinterested business managers, falling behind business initiatives and keeping up with the security needs of new IT projects. 

Most organizations (71%) report that they’ve been impacted by the cybersecurity skills shortage, leading to an increased workload for the cybersecurity team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%), according to respondents. Further, 95% respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has gotten worse. When asked to identify areas where the security skills shortage is most acute, respondents pointed to application security, cloud security and security analysis and investigations. 

A majority of respondents (60%) believe that their organization could be doing more to mitigate the cyber skills shortage, with 36% stating that they could be doing much more. When asked to identify the qualities that make CISOs successful, 71% pointed toward leadership or communications skills.

Read the full report here.