This is the seventh year that the “State of the Profession” report has been produced by CIISec. Each year I marvel that, what started out as a small survey of the members, has become a major piece of research and analysis of the trends affecting the industry and the profession.
The trends of certain data points over time make interesting reading. It is with some excitement that each year’s numbers get added to the prior year’s datasets to see what differences there have been, in particular during the years when the pandemic has led to so much disruption of everyone’s personal and professional lives – or not, as in some cases we have shown. The timing of the study is worthy of note, this year perhaps more than usual. In the summer of 2021, the covid numbers were dropping significantly and many people felt the pandemic was behind them. Then in the final months of 2021 and early 2022 yet another new variant led to a rapid race to vaccinate with boosters, a return to homeworking andmore limits on travel.
As this report is being written, the pandemic is much lower down the list of things affecting people’s lives (rightly or wrongly). The outbreak of war in Europe with Russia’s invasion of Ukraine, the cost of living crisis and economic uncertainty have now become the most newsworthy topics and the most worrisome (one would assume) for individuals and businesses. These factors post-date the data collection period, but might show effects in future years’ surveys.
As ever, the survey is arranged into themes and there is a section following this for each. This year, following an intense period of focus within CIISec and elsewhere, we looked in depth at diversity and inclusion. At a technological level, we also look at the rising scourge of ransomware which has been one of the bigger challenges facing security teams, businesses and insurers – as well as a source of concern within government circles.
Last year we observed that the survey contains both good and bad news. Being optimistic however, the data is hopefully useful in developing business cases for improvements in cyber security posture (especially around ransomware prevention and recovery) and highlights some areas where we can draw some satisfaction.