All work and no play? IT security employees spend six hours of working week on hobbies

Gulf tech
As much as 85% of IT Security staff engage in leisure activities during working hours. Typically,
these hobbies account for six hours 1 a week, which is an hour more than staff across the
company overall. A reason for these breaks may be to find a distraction from high workloads,
which was also cited as the most common reason to leave a cybersecurity job. These are
findings extracted from a new Kaspersky report titled ‘Managing your IT security team’.
Cybersecurity can involve routine and repetitive tasks, which affects both productivity and motivation to
work. A shift to remote work has further blurred the lines between working and personal time. This
combination of factors can lead to situations where employees are often distracted from work.
Kaspersky’s report surveyed more than 5,200 IT and cybersecurity practitioners globally. According to
the research, among the most common activities IT security staff participated in at work included
reading the news (42%), watching videos on YouTube (37%), and watching films or TV series (34%). A
third of the respondents managed to do physical exercise (31%) and read professional literature (33%).

1 Median value was used. The median is the middle point value, separating the higher half from the lower half of a data sample.
This method was chosen to depict a typical routine, as the average number was heavily affected by the small sample who spent
much working time on their hobbies

Playing board games
Listening to podcasts
Reading books
Playing video games
Physical activity (fitness, sport games, etc)
Scrolling feeds in social media or communities
Reading professional articles and literature
Watching films or TV series
Watching videos on YouTube etc.
Reading articles and news

13%
21%
29%
29%
31%
32%
33%
34%
37%
42%

Share of IT security respondents spending time at

work on each activity

Pic. 1 Types of hobbies IT security employees take during working hours
Additionally, almost half (46%) of IT security employees believe that their colleagues left a job because
of these high workloads, while 41% of employees across all departments shared this opinion. This may
seem contradictory, with so much working time being spent on leisure activities, but 48% actually
explained their distractions from work were due to a need for a break between tasks, rather than
because of boredom or a lack of work. In addition, when working from home, some duties and meetings
may now be scheduled outside the standard 9-5 workday. During longer workdays it is even more
important that workers take breaks, so they are able to remain productive over this extended period.
“I don’t think that it’s an issue that employees are distracted from work. There should be control over
task performance, not how many working hours are spent on a hobby. Also, it may be normal for people
to watch videos, as it may give insights into how to solve a problem. All in all, if work is not interesting for
someone and there is a lack of task management, an employee will find a way to do something different,
even from the office,” – comments Andrey Evdokimov, Head of Information Security at Kaspersky.
“Employees should have goals, KPIs, objectives and metrics that characterize the quality and speed of
their work. If performance is not affected, there are no problems with the fact that a person is distracted
from work. If efficiency has fallen or differs from colleagues, it should be paid attention to. The aim of the
manager is to inform employees about poor productivity as early as possible so they can find ways to
solve the issue,” agrees Sergey Soldatov, Head of Security Operations Center at Kaspersky.
Kaspersky experts responsible for IT security and SOC share the following recommendations on how to
manage IT security teams:

• Ensure that your company is fully equipped with IT security staff. Optimal numbers can be
  estimated as one cybersecurity employee for every 10 IT professionals;
• For round the clock SOC operation, there should be at least five employees responsible for
  monitoring. Organize shift work to avoid overworking;
• Outsource typical IT security tasks. It grants in-house employees more time to focus on
  company-specific requirements and the protection of legacy IT infrastructure;
• Ensure that you give employees different, non-standard tasks so they are not stuck in a rut and
  can develop their skills.