Cybercrime poses a significant threat to industries and individuals alike. However, there are some less obvious but just as damaging issues that we need to be wary of, too. The new menace threatening cyberspace is burnout.
Cybersecurity experts and IT professionals across the globe are experiencing high levels of burnout and fatigue. This results in a productivity drop and increased stress, with professionals either being unable to respond to an incident in a timely manner or, worse, quitting their jobs altogether.
Burnout leads to a drop in productivity
90% of individuals across six Asia-Pacific markets are experiencing the negative effects of burnout and a lack of resources, a report by Sophos and Tech Research Asia concluded.
The majority of respondents from countries like Australia, India, Malaysia, Singapore, and the Philippines claimed to experience the highest level of burnout.
In recent years, countries such as India and Japan have noticed an increase in burnout among cybersecurity professionals.
According to the report, this level of burnout caused an average drop in productivity by 4.1 hours per week.
What’s most alarming is that 17% of cybersecurity professionals reported that burnout was directly responsible for cybersecurity breaches. For example, burnout might lead to slower response times when confronted with cybersecurity incidents.
While in a state of burnout, certain cybersecurity professional reported that their performance wasn’t “diligent” enough, which could potentially lead to cybersecurity risks.
High levels of anxiety during a security breach or attack were reported by one-third of respondents.
Across the region, individuals expressed that they wished to resign from their jobs or change career paths, while some cybersecurity professionals explained that they had indeed resigned from their positions.
What causes burnout?
Sophos’ report states that the top main causes of burnout are a combination of the role, resource shortages, and management pressure, namely:
- Lack of resources available to support cybersecurity activities, including staff shortages, budget restrictions, and limited third-party support.
- The routine aspects of the role create a feeling of monotony, interspersed with challenging moments of activity.
- An increased level of pressure from board and/or executive management, increasingly as these groups come under pressure from changing regulatory and legal obligations relating to cybersecurity.
- Alert overload is where professionals face persistent alerts from tools and systems, all of which require prioritization and action, even if the majority are false alarms
- The increase in threat activity and the adoption of new technologies have contributed to a more challenging, ‘always-on’ environment.
Extended hours at the office and excessive responsibilities are major contributing factors to burnout for cybersecurity professionals, according to a report by Gartner.
The Gartner Peer Community surveyed 178 leaders in information security and IT to identify the leading causes of burnout.
Over half of cybersecurity leaders experienced burnout at least once, while other respondents experienced burnout multiple times during their careers.
The report demonstrates that more than half of cybersecurity professionals felt pressure to work late nights and or on weekends.
Furthermore, too much responsibility also leads to burnout, as the majority of cybersecurity leaders reported that this organizational factor impacted their ability to perform their duties.
According to Gartner, another factor that impacted a significant percentage of cybersecurity leaders was the unrealistic expectations surrounding security functions and their role as cybersecurity professionals, which increased feelings of burnout.
What’s shocking is that most individuals who experienced burnout didn’t inform their managers due to fear of negative repercussions.
How to resolve burnout
As the cybersecurity landscape is constantly evolving, professionals require adequate resources to prevent and manage burnout.
The Gartner report claims that just over half of individuals have satisfactory resources on hand to cope with and mitigate burnout.
Other respondents noted that these resources were lacking or non-existent within their organization.
The report also found that burnout can be prevented through resource allocation, executive leadership support, and recognition.
The unrelenting pressure and unrealistic expectations felt by cybersecurity leaders and professionals alike are one of the main causes of workplace fatigue and burnout.
Therefore, more must be done to change the culture surrounding cybersecurity, bolster morale, and support professionals as they work to guard the cybersecurity landscape.
