The Ticking Timebomb Of Cyber-Security Burnout
Keywords: CyberSecurity, Burnout, Mental Wellbeing, Sustainable Business, CyberRisk, BusinessRisk
Author: Lisa Munro
Date: 8 February 2024, Worklife Digital
The cybersecurity industry is facing a crisis: recent reports highlight an ongoing critical business issue in which overburdened security teams grapple with burnout, taking a toll not just on cyber professionals’ well-being but also on their organisation's defenses. In short, burnout isn't just a human cost, it's a direct threat to data security, brand reputation, and ultimately, profits.
A 2023 study found 83% of IT security professionals admit they or someone in their department has made errors due to burnout that have led to a security breach. 85% say they anticipate they will leave their role due to burnout; 24% say they'll leave cybersecurity entirely*. This is due to a number of factors, including:
Insufficient resources: Many organisations are understaffed and under-resourced when it comes to cybersecurity. The insufficient pool of qualified professionals worldwide (the latest estimate is a 3.5 million person shortage globally)** is exacerbated by poor internal support and company culture, which lead to increased numbers leaving the industry. Insufficient investment in recruiting enough staff, driven by organisational cost-cutting initiatives, also has an impact. This means that cybersecurity professionals are often stretched thin, trying to do more with less.
High pressure and lack of listening: Cybersecurity professionals are under a lot of pressure to protect their organisations from cyberattacks. Despite the significant financial risk to businesses, many professionals express frustration that the C-Suite does not listen to their expert opinions and recommendations on cyber risks. This pressure can lead to anxiety, stress, and burnout; however, many feel these issues aren’t taken seriously by leadership.
Constantly changing priorities: The cybersecurity landscape is constantly evolving, with new threats emerging all the time. This means that cybersecurity professionals need to be constantly learning and adapting, which can be mentally taxing.
Long work hours: Cybersecurity professionals are often on call 24/7, responding to incidents and threats as they arise. This can lead to long hours and difficulty maintaining a healthy work-life balance.
These aren’t just theoretical concerns. There have been several high-profile cases of cyberattacks that have been linked to employee burnout. For example, in 2017, a security analyst at Equifax fell asleep on the job, which allowed hackers to gain access to the company's systems and steal the personal data of millions of Americans.
However, there are steps that organisations can take to address cybersecurity burnout:
Measure and address mental wellbeing: Organisations need to start taking mental health seriously. This means regularly measuring employee burnout and taking steps to address it, such as providing mental health resources and creating a culture of support.
Listen to your cyber experts: Cybersecurity professionals are the ones on the front lines of the fight against cybercrime. Organisations need to listen to their concerns and expertise, rather than ignoring them in an effort to cut costs.
Invest in your workforce: Organisations should invest in their cybersecurity workforce by providing them with the training, resources, and support they need to be successful. This includes investing in professional development, mentorship programs, and competitive salaries and benefits.
Leadership training: Train managers on effective leadership styles, emotional intelligence and empathy. Equip leaders with the skills to recognise and address signs of burnout in their teams.
Promote work-life balance: Organisations need to create a culture that promotes work-life balance. This means encouraging employees to take breaks, use their vacation time, and disconnect from work outside of office hours.
Build a culture of security: Cybersecurity is not just a technical issue, it is a cultural issue. Organisations need to build a culture of security where everyone is aware of the risks and takes steps to mitigate them.
By taking these steps, organisations can help to prevent cybersecurity burnout, minimise staff turnover and resource risk, and create a more resilient cybersecurity workforce. This is not just good for business, it is essential for national security.
Cybersecurity is not a cost center, but an investment. The cost of a successful cyberattack can be far greater than the cost of investing in cybersecurity prevention.
WorkLife Digital is a global mental-wellbeing consultancy driven by the mission to improve the sustainability of businesses. Our psychological wellbeing tool, Worklife Quotient (WL-Q), is modelled on cutting-edge scientific research and provides organisation-wide measurement and intelligence on the mental wellbeing levels and psychological resilience of staff. WL-Q also assesses the impact of organisational practices (i.e. people and culture, leadership styles, organisational purpose and values, social impact) that have a direct influence on staff wellbeing and provides strategic recommendations on addressing risks and promoting strengths.
For more information, get in touch at lisa@worklife.digital
References
*https://www.devo.com/company/newsroom/it-security-professionals-say-burnout-causes-data-breaches/
**https://www.devo.com/company/newsroom/it-security-professionals-say-burnout-causes-data-breaches/