47% of respondents have been temporarily taken off security duties to assist with IT-related tasks as organizations move to remote work
Clearwater, FL, April 28, 2020 – ISC2 – the world’s largest nonprofit association of certified cybersecurity professionals – today released the findings of a survey in which 256 cybersecurity professionals shared insights into their current work situations during the first several weeks of the COVID-19 pandemic. In the ISC2 COVID-19 Cybersecurity Pulse Survey, 81% of respondents, all responsible for securing their organizations’ digital assets, indicated that their job function has changed during the pandemic. 90% indicated they themselves are now working remotely full-time.
“The goal of the survey was to take the pulse of the cybersecurity community as many of their organizations began to shift their employee bases and operations to remote work setups in March and April,” said Wesley Simpson, COO of ISC2. “While this was certainly not an in-depth study of the situation, it does provide a current snapshot of the issues and challenges our members may be facing during this unprecedented time. Sharing this information helps our members and other professionals in the field understand the challenges their peers are facing, and hopefully realize they are not alone, even if many of them are feeling isolated as they adjust to working from home.”
The ISC2 COVID-19 Cybersecurity Pulse Survey’s findings shed light on the recent adjustments organizations have made to maintain their business operations and the impact on cybersecurity professionals. Findings include:
- 96% of respondents’ organizations have closed their physical work environments and moved to remote work-from-home policies for employees; nearly half (47%) said this was the case for all employees, while 49% indicated that at least some employees are working remotely
- 23% said cybersecurity incidents experienced by their organization have increased since transitioning to remote work – with some tracking as many as double the number of incidents
- 81% of respondents said their organizations view security as an essential function at this time
- 47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce
- 15% of respondents indicated their information security teams do not have the resources they need to support a remote workforce, while another 34% said they do, but only for the time being
- 41% said their organizations are utilizing best practices to secure their remote workforce, while another 50% agreed, but admitted they could be doing more
- Almost one-third (32%) of respondents were aware of someone in their organization who has contracted COVID-19
Challenges Facing Cybersecurity Professionals
The survey also asked respondents to share comments about the challenges they face during COVID-19. Some of the themes that came to light included a lack of hardware to support a larger number of remote workers, the struggle between organizational priorities for quick deployment of remote technology and the commensurate level of security to protect systems, and helping end users understand and abide by security policies outside the office.
One respondent commented, “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.”
A Perfect Recipe for Cybercrime
One respondent summed up the factors that have contributed to an opportune situation for cybercriminals:
“COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100% work from home [WFH] before most organizations were really ready, chaos caused by technical issues plaguing workers not used to WFH, panic and desire to ‘know more’ and temptation to visit unverified websites in search of up-to-the-minute information, remote workforce technology supported by vendors driven by ‘new feature time to market’ and NOT security, employees taking over responsibilities for COVID-19 affected coworkers (unfamiliarity with process), and uncertainty regarding unexpected communication supposedly coming from their employers.”
Lessons Learned
Several respondents also viewed the pandemic as an opportunity for future process improvement, however, as the following comments illustrate:
“With a majority of the workforce staying home we all will need to rethink our policies and the compromises we are willing to make.”
“People seem to be thinking more about security when they are working remotely, which is a good thing.”
“Employers now face the prospect of doing what they should have done long before: enact contingency plans for large-scale remote work due to natural or man-made disasters. Enabling remote work also has the benefit of appealing to potential employees when recruitment is a concern.”
About the Survey Methodology
Results presented are from an online survey conducted by ISC2 in April 2020. The total respondent base of 256 global cybersecurity professionals are responsible for securing their organizations’ digital assets. This survey response sample should not be viewed as statistically representative of the entire cybersecurity workforce. It is intended to share insight with the profession and facilitate sharing best practice and lessons learned during these unprecedented times.
About ISC2
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 150,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on ISC2, visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.
© 2020, ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, of ISC2, Inc.
# # #
Media Contact:
For questions related to this announcement, please contact communications@isc2.org.
# # #
About ISC2
ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our more than 600,000 members, candidates and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educate those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook and LinkedIn.
© 2020 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, ISSAP, ISSEP, ISSMP and CBK are registered marks, and CC is a service mark of ISC2, Inc.
Media Contact:
Amanda Steinman
Senior PR Manager
ISC2
asteinman@isc2.org