Security pros suffer burnout as firms increase cybersecurity protection

More than half had sleepless nights worrying about cybersecurity or negative emotions such as depression, anger, or anxiety due to feeling overwhelmed at work.
7 April 2022

(Photo by Yevgeniy Sorochin / AFP)

As organizations focus on increasing their cybersecurity protection, a new report from Vectra AI highlighted the mounting pressure on security professionals is creating a health crisis in cybersecurity.

While the COVID-19 pandemic has already disrupted processes and created new working lifestyles, mental health and other health issues need to be taken into consideration as well. For most IT employees, especially those dealing with cybersecurity, the workload continues to increase tremendously as organizations race to secure their systems.

In fact, Gartner predicted that worldwide spending on information security and risk management technology and services reached US$150.4 billion in 2021. Increased investments in these areas will indeed secure an organization. However, business leaders need to also consider the skills required on ensuring these investments are really beneficial for them.

According to the findings in the report – Breaking Point: Is mounting pressure creating a ticking time bomb for a health crisis in security – two out of five respondents said they had to seek help because of the impact of work-related stress— including migraines, panic attacks, or high blood pressure. The surmounting effects of stress IT and security experts are facing pushes many to reconsider their careers. Half reported feeling burnt out and ready to throw in the towel.

In the UK alone, almost all of the 200 IT security leaders surveyed felt increased pressure to keep the company safe from cyberattacks in the past year. One in three have also suffered a major security incident over the past twelve months. These incidents have often resulted in finger-pointing, long hours, and damage to team morale, with one in five saying the incident caused their mental health to decline severely.

The survey also showed that 51% of respondents experienced negative emotions such as depression, anger, or anxiety due to feeling overwhelmed by work while 56% have had sleepless nights worrying about work. 42% have also dreaded going to work and have called in sick because they couldn’t face working that day.

For Steve Cottrell, EMEA CTO at Vectra AI, these stats should be a wake-up call as security teams and their leaders need support to shift away from the constant cycle of over-working and anxiety. “Security leaders shouldn’t always be the ones to feel the blame when something goes wrong,” he said.

“In most cases, CISOs will have requested budget, assets, and changes that weren’t signed off – so they must be ready to remind the board that security is a shared responsibility. After all, we are all on the same team. With an improved focus on workforce wellbeing, increased investment, better training, and the right tooling, we can start turning the tide,” commented Cottrell.

With skills shortages in the tech industry already a major problem when it comes to cybersecurity protection, the last thing companies need is to have their current employees suffer from burnout. Indeed, it is evident that the skills shortages are taking their toll on cybersecurity employees.

While modern cybersecurity solutions can be automated and require lesser human intervention to handle them, organizations still need to have a dedicated security team to ensure the cybersecurity protection processes are not disrupted.

However, the reality is that 67% of respondents say they don’t have enough talent on their team, with almost one-in-five (17%) saying it feels like each person is doing the workload of three. The results also show an environment where security leaders are working more hours than ever but still cannot cover their workload, living in constant fire-fighting mode.

Changing IT environments and evolving threats are also layering in complexity to the role, with respondents citing rising concerns about ransomware or cyber-attacks within their supply chain that could hurt their organization and some claiming that the issue has given them sleepless nights.

The lack of visibility is also a contributing factor. 92% of respondents said they’ve been worried about their ability to spot legitimate threats amidst a growing volume of security alerts and the vast majority said they’d had concerns that cloud adoption was adding to IT complexity and mounting cyber-risk.

By having a view of the top threats that are likely to impact your business, you can prioritize investments that will help build resiliency to those specific risks, allowing you to prevent, detect, respond and recover more effectively. Also, by investing in automation, you can lead a cultural change where everyone is a security professional, helping to spread the load,” added Cottrell.