IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

70% of IT workers skip key security steps due to work pressures

Report finds that a fifth of DevOps and security professionals have considered quitting their jobs due to stress

Security and development teams are groaning under the strain of securing organizations, according to a report released this week. 

The report, released by web application security tools company Invicti Security, found 78% of respondents reported increased stress levels over the last year. One in five DevOps and security professionals have considered quitting their jobs due to these pressures. 

The report blames the problem on a backlog of security tasks, caused in part by a cyber security skills shortage. It says that the average IT team member would need a two-week break from their regular work just to catch up with what it calls 'security debt'. 

The report, which surveyed 600 executives and hands-on practitioners across security, development and DevOps roles, found that the heavy workload had an effect on the security process. 70% of respondents frequently or always skipped security steps when delivering projects, it said. 

A lack of security in the software development lifecycle isn't helping. Almost half of all developers said that application security testing is completely separate from development, with only one in five reporting that they have fully integrated it into the development process. The result is less secure software, with one in three security issues making it through the development and testing stage to production. 

A lack of focus on post-deployment application scanning exacerbates the problem, as professionals fail to allocate enough resources to it, the report said. Only seven in ten of those that fully adopted security in the software development phase regularly scanned more than three quarters of their applications for vulnerabilities and then remediate them. 

Related Resource

The truth about cyber security training

Stop ticking boxes. Start delivering real change.

Pair of feet in socks with a chair and plant in the backgroundFree download

Security professionals want more automation to help lighten the load. One in six of them said that their companies do not have enough automation in place to test and remediate security issues. 

That's due in part to a lack of trust in the tools. Only half of the respondents were confident enough in the accuracy of their vulnerability scanning software, prompting almost four in five to manually verify results. Each verification takes around an hour. 

Invicti recommends better training for developers and security teams, paying more attention to post-deployment vulnerability scanning, and automating manual tasks where possible. Machine learning is also making tools more aware of vulnerability context, it concluded. 

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022