On call 24/7. An uptick in cybersecurity incidents. The Great Resignation. An economic downturn. Layoffs. Hiring freezes. Resource constraints.
As a result of the pandemic, its aftermath, and myriad other worldwide events, the last few years have taken a toll on everyone’s mental health — especially in cybersecurity.
And the stress level is showing. Sixty-three percent of cybersecurity professionals said their stress levels spiked over the past year, according to a Tines report. Other findings from the report included:
- 66% of respondents experience stress at work
- 64% said their mental health affects their ability to work
- 64% believe work impacts their mental health
“While burnout is common across many industries, given that cyber attackers only have to succeed once per target while defenders have to succeed over and over again defending that target, it's especially a problem in cybersecurity,” said Daniel Trauner, senior director of security at Axonius.
More work + less visibility = burnout
The overnight pivot to remote work. Stopgap policies for BYOD devices. The postponements of much-needed IT initiatives. These and many other factors made it challenging for IT and cybersecurity professionals in recent years to perform their jobs — let alone understand what’s going on in their organizations’ IT infrastructure.
Seventy-two percent of respondents reported an increase in IT complexity in their environments, according to “Cybersecurity Asset Management Trends 2021,” a global report by Axonius.
All of this flux led many IT and cybersecurity professionals to question their career path. Deep Instinct’s Voice of SecOps Report found that 45% of respondents considered quitting the industry this year due to stress, and 46% know at least one colleague who left cybersecurity altogether in the past year due to stress.
“The amount of people who move jobs because of burnout has increased significantly,” said Deidre Diamond, founder and CEO of CyberSN and Security Diversity, during the Technically Divided podcast episode, “Cybersecurity: Do We Have a Cybersecurity Skills Gap?”
“Those who were already on the verge of burnout are now fully in burnout. Meaning, most people were already stretched thin, not having enough opportunity, not enough people on the team, and doing the same thing over and over. [There’s] not a lot of wins, and they’re not feeling really great.”
“Then COVID comes and now they’ve got to deal with remote,” Diamond continued. “They’ve got to deal with more and more attacks than we’ve ever seen happen in the last two years and [are] continuing, and ones that are very hurtful. They’ve gone to a 30% higher burnout rate.”
Finding “clever moments” to boost spirits on the job
No doubt about it, this strain on IT and cybersecurity professionals impacts their organizations’ security.
The (ISC)² Cybersecurity Workforce Study revealed that 60% of study participants say a cybersecurity staffing shortage is placing their organizations at risk. This is all leading to real consequences, including:
- 32% with misconfigured systems
- 30% didn’t have enough time for proper risk assessment and management
- 28% found oversights in process and procedure
Some IT and cybersecurity leaders are taking people-first approaches, like more flexible working conditions, to ease the strain and retain their staff.
Allan Alford, CISO and CTO at TrustMAPP, recently switched up responsibilities for some members of his team for a period of time after asking who’s feeling burned out. For example, one member was given the opportunity to scale his quality assurance skills in a company-wide audit.
"As a leader, I can’t do this all of the time, but I can make sure everyone gets that at least some of the time,” said Alford during the Technically Divided podcast episode, “Does a Cybersecurity Skills Gap Exist?”
“There’s these clever moments like that,” he explained. “It’s not just when you hire, it’s the whole time as a leader. You have to constantly be thinking about that. You know what people’s strengths are. I’ve got a good feeling for everyone on my team — where their sweet spot is, where their groove is. I try to make sure they get to be in the groove at least a substantial portion of the time.”