Burnout on Security Teams

From burnout to mitigating vulnerabilities, security teams are struggling and managers are overwhelmed. In our Improving Security Teams webinar series, Chief Impact Officer, Chloé Messdaghi, will explore how to improve security team wellness, starting with how to address the most pressing issue facing the workforce today: burnout.

To watch this on-demand webinar, view the recording here!

What is burnout?

Let’s first begin with defining burnout and what it looks like at an individual level.

A simple way to define burnout is the feeling of being overwhelmed or depleted. Many may also argue that it’s the feeling of being trapped or stuck in a work environment, lacking creativity. At its most simple, burnout can be defined as a type of work-related stress, which usually stems from little to no work-life balance.

This can result in:

• Fatigue
• Insomnia
• Depression
• Anxiety
• And more

It's critical to remember that it's not the employee's fault that burnout occurs. It’s not due to workload usually, but rather a lack of caring by the organization and poor leadership. In our recorded session, Chloe discusses how organizations cause burnout and how it can lead to employees and even C-Suite level executives developing depression, anxiety, and/or PTSD (Post Traumatic Stress Disorder).

What does burnout look like for CISOs and security teams?

Work stress has impacted the families and children of 40% of CISOs polled in a 2020 study by Dark Reading. Furthermore, 41% said they are afraid to take time off. The reality is that CISOs are also suffering from severe burnout. CISOs are always on the chopping block...and always have to justify why they need more funds. However, because there is no ROI for executives on security...it can be difficult to justify the costs. In turn, CISOs must decide whether to leave such positions or the industry.

If you think about it, we’re always operating in a reactive mode, not preventative. This, in turn, leads to more breaches. CISOs set the tone and pace for security teams. As a result, if they’re burnt out, it spreads throughout the security team or company due to the trickle-down effect.

Burnout takes a physical and emotional toll on people, causing them to withdraw and leave their jobs. Not just to another company... but to an entire industry.

Burnout and PTSD

PTSD and Burnout symptoms can be incredibly similar. Some psychologists have stated that burnout is a form of PTSD and have been trying to include burnout as a disability by the ADA and ADAA.

Symptoms of PTSD include:

• Sleep disturbances and nightmares
• Depression or withdrawal
• Mood changes, generalized irritability
• Avoid activities that promote recall of a traumatic event

How burnout causes security teams to be reactive rather than proactive

Employees are expected to work around the clock every single day due to the nature of security. This quickly leads to employees being denied vacation time or, when one member of a team leaves, the rest of the team picks up the slack.

According to the Ponemon Institute, while security response planning is gradually improving, the vast majority of organizations surveyed (74 percent) still report that their plans are ad hoc, applied inconsistently, or do not exist at all. Furthermore, more than half (52%) of those who have security response plans have never reviewed them or have no timetable for doing so. Instead of better planning and less disruption, we throw tools at the problem. Because it is simpler than comprehending the human element's role in this situation. And, spoiler alert, we are exacerbating the situation. Because guess what? When we add tools to it, it was not planned and coordination is lacking, especially in incident response (IR) plans. Additionally, we have no idea how secure these third-party tools are.

Are you feeling stressed out yet? Perhaps, cortisol levels rising?

What are some solutions?

We have entered a new era in business practices. Where we must not only leap to improve workplace culture but also take steps to do so. Rather than just talking, take action. Rather than being reactive, we must become proactive.

View this on-demand session with a downloadable presentation and resources to learn more about possible solutions for burnout on security teams.

Interested in improving your team's cybersecurity skills with threat-informed training to better defend your organization?

Discover Cybrary for Teams, where you can provide team members with clarity on how to learn, grow, and advance their careers within your organization.