Cybersecurity Burnout is a Compounding Cyber Risk

Burnout isn’t just a buzzword; it’s hurting your employees and puts your data – and your business – at risk. 

A majority (83%) of IT security professionals admit that they or someone in their department have made errors due to burnout that resulted in a security breach. And 39% reported having seen this more than once. We gathered this information from a recent survey we conducted with Wakefield Research. 

CISOs and other security leaders are grappling with under-resourced and burned-out teams. They’re also burning out themselves. This is having a significant impact on organizational security overall. A large majority of IT security professionals predict they will even need to leave their company/role because of burnout. 

I wish the rest of the results of the survey were more positive. Sadly, 45% of IT security professionals say they haven’t gotten proactive leadership responses to employee burnout. In fact, it’s quite the opposite. Too many IT security professionals hear that they need to accept the stress they are under. And 82% of them have been told that stress and burnout are a normal part of their jobs; 52% hear this sentiment often or even all the time. 

They wish their leaders would offer additional training, mentorship and development (59%) to help with burnout via increased staffing (55%) and investment in automation tools (55%). Not acting on these wishes puts organizations at risk of losing the workers they’re failing to help – and it puts your company at greater risk for security breaches. 

What you can do to support security leaders

The first thing CEOs and other executives can do for CISOs and senior security leaders is to ensure they cultivate safe environments to share and understand each other’s struggles.

If your CISO asks to go to a CISO networking event, don’t think of it as a drain on resources. Your CISO is going to be better in the morning after they’re able to blow off some steam with their fellow CISOs and then brainstorm solutions to their challenges. Your security posture will be stronger because of it.

Additionally, the right ongoing education and training will give them the skills and the confidence they need to better protect your network. Hackers are constantly innovating on how to break into the one chink in your system’s armor. Don’t give them the advantage by not offering adequate training and time to complete. 

It always boils down to resources and money though. Key to this is making sure you’re engaging with your CISO and their team to ensure they have the resources they need. Make sure you’re not below industry norms and talk with your peers to see what they are providing their teams with. Lean in as much as you can afford. This is not the area of the business to skimp on and you won’t see positive results if you are doing everything else. 

That goes for security tools, too. If your security team asks for a solution that will help them get rid of some of the mundane tasks that are overwhelming them and causing additional stress, give it to them. If they can reduce those thousands of daily alerts down to 10 actions only, that’s both more effective and less stressful.

And if the CISO or another cyber team member is suffering from a mental health issue, make services available. There shouldn’t be any shame attached to feeling burnt out. You don’t need to go at this part alone – nor should you. There are organizations out there, such as Cybermindz, specialized in helping reduce burnout and treat mental health issues and they can work with you to find a solution that meets your specific objectives. 

Overcoming burnout and risk

At the end of the day, ending burnout is connected to the health of your overall business, too. A burned-out workforce isn’t doing any good for anyone. It might be tempting to cut corners or think that stress is just an inevitability, but doing so puts your company at risk financially, security-wise, and reputation-wise. Doing the right thing for your security teams is also doing the right thing for the business.  
To get a fuller picture of how security professionals are feeling about their jobs, read the full Wakefield Research study. You’ll get more detailed statistics and insight into how to prevent both burnout and breaches.