<p>Not even one in three cybersecurity professionals views their organization’s cybersecurity culture as better than average, according to a new survey.</p>
<p>That leaves plenty of room for improvement, concluded “The Life and Times of Cybersecurity Professionals.” Now in its eighth year, the <a target=”_blank” href=”https://issa.org/wp-content/uploads/2026/06/Ebook-ISSA-Life-and-Times-of-Cybersecurity-Professionals-April-2026-final.pdf” rel=”noopener”>annual study</a> conducted by the Information Systems Security Association (ISSA) and Omdia, a division of Informa TechTarget, gauged the opinions of 380 IT and security professionals about a variety of topics, ranging from job satisfaction to the quality of the work being done by their own teams.</p>
<p>When asked to grade their organization’s cybersecurity culture, only 29% rated it advanced, 50% called it average and 19% described it as fair.</p>
<p>What did cybersecurity professionals say would improve the state of security at their organizations? At the top of the list was a preference for increased <a target=”_blank” href=”https://www.cybersecuritydive.com/news/cybersecurity-training-budget-increases-ai-skills/822640/” rel=”noopener”>training for cybersecurity and IT staff</a> (42%), followed by investment in staff and tools (37%).</p>
<p>Other actions included improved <a href=”https://www.techtarget.com/searchsecurity/tip/Cybersecurity-governance-A-guide-for-businesses-to-follow”>governance and compliance</a> (36%); better <a href=”https://www.techtarget.com/searchsecurity/definition/cyber-hygiene”>cyber hygiene</a> (35%); better <a href=”https://www.techtarget.com/searchsecurity/tip/5-tips-for-building-a-cybersecurity-culture-at-your-company”>security culture</a> across the organization (34%); more security awareness training for nontechnical employees (33%); better capabilities to prevent, detect and respond to threats (31%); and more frequent testing to validate controls and identify weaknesses (30%).</p>
<p>As for how to improve the working relationship between security and IT teams, 44% of respondents suggested embedding cybersecurity staff into functional technology groups, while 41% wanted automated processes that would require collaboration between security staff and their IT colleagues.</p>
<p>Wanting greater collaboration across an organization is one thing. Achieving it is something else. That’s where capable leadership and <a href=”https://www.techtarget.com/searchsecurity/tip/Cybersecurity-soft-skills-to-elevate-your-career”>soft skills</a> come into play, said Melinda Marks, cybersecurity practice director at Omdia.</p>
<p>”Things like demanding a seat at the table when there are technology decisions being made. They should be saying, ‘Hey, I want to look at the security features and weigh in on this and whether we should adopt this,'” said Marks, author of the Life and Times report. “Those take a lot of soft skills — like communication and collaborating with the other teams — that are different from just the technical skills in cybersecurity.”</p>
<p>Organizations with a healthy cybersecurity culture have security leaders and teams that are willing to find ways to avoid the “Team of No” impulse to dismiss every new idea as unsafe, Marks said.</p>
<p>Successful companies also have constructive conversations about balancing risk and innovation, Marks said. “It’s worth the investment for organizations that want to grow and scale to find those cybersecurity professionals who understand new technologies and know how to work with other teams to align on goals, put the right programs in place, put the right tools in place and then work to meet their goals. Those are different skills than in the past.”</p>
<p>Marks also noted that effective security requires employers to address the <a target=”_blank” href=”https://www.darkreading.com/cybersecurity-operations/triple-threat-burnout-overworked-unsatisfied-trapped” rel=”noopener”>ongoing pressures their security teams face</a>. The survey’s job satisfaction scores were not good, with 20% of respondents saying they regularly consider leaving the profession.</p>
<p>Companies need to pay more attention to this, Marks said, by investing in technologies as well as in the people who use them.</p>
<p>Shawn Murray, distinguished fellow and past president of ISSA, said burnout is best solved by those at the very top of an organization. “If leadership doesn’t believe in or prioritize security as a requirement for conducting business, it continues to be a struggle for the cybersecurity professional — especially for CISOs when you’re trying to negotiate budgets and get personnel in.”</p>
<p><a href=”https://www.techtarget.com/searchsecurity/feat
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: