- 0 Comments
These are just some of the reasons cited by cybersecurity professionals for the sharp increase in stress and burnout over the last few years. And this was before Covid. How many sound familiar?
Unrealistic and unhealthy expectations about outcomes and results, expectations set both by employers and by the individual defenders.
Little time to pause or decompress because of the relentless waves of attack, with some reports suggesting anywhere from 10,000 to more than 1 million security alerts per day and up to 80% false positives.
Simmering frustrations – with understaffing, insufficient budgets, employees who continue to undo and undermine security efforts, and a leadership not taking the threats seriously enough.
Exhausting schedules – security professionals complain about always being on the clock and on the job, at least mentally, compounded by no real downtime, long hours, long weeks, and even long weekends.
The fatigue of trying to keep up with a constantly changing environment, from new threats, tactics, and technologies, to new laws, regulations, guidelines, frameworks, and standards.
Personal and professional pride, and the constant fear of personal failure, of being the one who lets the team and organization down by missing that one single threat amongst thousands.
“Cultures that foster burnout cost organizations 10x more than absenteeism, which already costs over $150B a year.” The Cybersecurity Hub.
The emotional toll of constantly fighting and being exposed to the worst kinds of criminals, and witnessing the cruelty they inflict on their victims.
An increase in cynicism and a decrease in trust amongst security professionals, often permanent emotional changes that they bring home with them.
Security teams stretched too thinly, which results in heavier workloads, pressure to take on too many tasks, and not being allowed to focus on the most critical or relevant challenges.
Pre-existing conditions – many security professionals come into the industry with existing mental health issues, and especially with an increase in military and law enforcement dealing with anxiety and PTSD.
A growing strategy by attackers to psychologically wear out the defenders, and often taunting, threatening, and even directly targeting security professionals.
It’s all or nothing with little room for compromise. Security professionals often get little or no credit when nothing goes wrong, and all the blame when something bad happens that’s out of their control.
Leaders who don’t get it. While many CISOs and other security leaders say they feel confident their security team will tell them if they’re struggling with stress and burnout, most security professionals say they won’t tell them for fear of being judged or criticized.
“The first PsyberResilience study found that more than 87% of security professionals think their organization needs to do more to help manage stress and mental health issues.”