Cyber security professionals’ burnout, work-related stress, and fatigue are costing US enterprises $626 million in lost productivity a year, and UK enterprises £130 million, according to a new report.
The study, conducted by cyber security training firm Hack The Box, finds 80% of workers are experiencing burnout and stress globally.
Almost three-quarters of cyber security professionals report having taken time off due to work-related mental well-being problems, with an average of 3.4 mental sick days per year lost to work-related strain.
According to the study, this translates to an average of 3.4 hours of work lost per month, or around 5 days a year, to poor mental well-being.
The report claims a 600% rise in cyber threats since the Covid-19 pandemic has led to increased stress levels for those working in the cyber security sector. It also cites the emergence of recent technologies and the proliferation of criminal groups as issues increasing pressure on staff.
Though 90% of CISOs are concerned about the impact of stress on their team members’ well-being, according to the report less than half of CEOs share the same concern.
However, there is a gap in what is believed to be the cause of increased pressure within: 66% of business leaders believe their cyber security professionals are working overtime due to increasing threats, whereas almost 90% of the cyber security professionals put the reason to the volume of projects needed to be delivered in a limited amount of time.
To tackle the issue, just under half (44%) of businesses are investing in temporary staff to support teams, and almost 50% are investing in upskilling platforms to increase team member confidence.
Haris Pylarinos, founder and CEO of Hack The Box says: “Cyber security professionals are at the forefront of a battle they know they are going to lose at some point, it’s just a matter of time.”
“We’re calling for business leaders to work more closely with cyber security professionals to make mental well-being a priority and actually provide solutions they need to succeed,” he adds. “It’s not just the right thing to do, it makes business sense.”
Sarb Sembhi, CTO at Virtually Informed and chair of Mental Health in Cyber Security says: “Stress, burnout and mental health in cyber security is at an all-time high. It’s also not just the junior members of the team, but right up to the CISO level too. It’s a difficult topic to navigate as it’s so personal to the individual, but building in the right support and processes has so many advantages for the people and the enterprise.”
How to reduce burnout?
In a webinar discussing the report, TI heard from cyber security professionals on how they reduce their burnout and advice to those struggling.
“Preparedness,” says Andrea Succi, CISO at logistics firm Ferrari Group. “If you go into panic mode, your team will go into panic mode. You need to be able to manage it.”
“This is part of your job. You need to learn, you need to work, you need to prepare, and you need to train, to manage stress. It’s like playing chess because if you move a knight in the wrong position, then you’re stressed until the end of the game.”
In the same vein, Pylarinos adds that it helps to be ready for the unexpected, and to train for crisis simulations – so much so that it becomes “just another day at the office.”
“Simulating the entire experience, developing the emotions, the stress, prepares you for the live events,” he advises.
Jess Burn, principal analyst for market research firm Forrester recommends desk workers, particularly, take time to go outside and take a walk.
“Walking around and clearing your head really does help because things start to feel quite overwhelming if you have a lot of competing priorities,” she says.
“Also, I have a great manager, and when there are too many things on my plate we decide what’s the priority,” Burn adds. “[Having] someone else to say what they think makes the most sense for me to prioritise when everything is urgent, and to bounce ideas off of, is incredibly helpful.”
Finally, Sembhi adds that Mental Health in Cyber Security found that when people are stressed, bad habits tend to creep up such as not eating properly, consuming more coffee and alcohol, smoking more, and a lack of sleep and exercise.
“For me, I’ve always tried to make sure I’m exercising, eating properly, reducing my alcohol intake, and sleeping properly. All of these simple things.”
Sembhi also suggests reducing call time to allow for breaks in between meetings. For instance, making an hour-long call 50 minutes, and half an hour 25 minutes. Plus, taking notifications off e-mails to reduce stressful distractions and visiting emails when there is capacity to.
