According to Hack The Box, cybersecurity and information security experts say work-related stress, fatigue and burnout result in reduced productivity, including extended sick leave, costing U.S. companies approximately $626 million in lost productivity each year.
Cybersecurity has become a critical role for businesses, as evidenced by the inclusion of CISOs on the board of directors. With a 600% increase in the number of threats since the pandemic, criminal groups proliferating, and new technologies emerging, the industry is in need of high-performing professionals. However, the industry is facing a mental health crisis, with 84% of employees experiencing stress, fatigue, and burnout.
The economic impact of burnout and stress
Poor mental health in the workplace is costing the industry millions of dollars amid a growing skills shortage: 74% of cybersecurity professionals globally say they have taken time off work due to work-related mental health issues, with staff reporting an average of 3.4 days of sickness absence per year due to work-related mental health issues.
This also leads to reduced productivity, with an average of 3.4 hours of work lost per month, or 5.1 days per year, due to poor mental health. This loss of productivity is costing the industry more than $626 million per year in losses for mid-to-large US companies alone.
The survey also shows there’s a big understanding gap between boards and cyber teams. 90% of CISOs say they’re concerned about the impact of stress, fatigue and burnout on employee wellbeing, but only 47% of CEOs are similarly concerned about the impact of stress, fatigue and burnout on their cybersecurity teams on increased errors. This understanding gap is a lack of priority across the board.
Additionally, there is a gap in the causes of burnout: 66% of business leaders worldwide say the main reason their cybersecurity professionals are working beyond their contracted hours is because of increased and unpredictable cybersecurity threats after hours.
Understaffing and Lack of Training Drive Cyber Burnout
In contrast, 89% of cybersecurity professionals say that the workload, amount of projects they have to complete, and the time it takes to complete tasks are the main causes of burnout. Additionally, they feel pressured to deliver outside of their skill set, which is the second leading cause of burnout at 66%.
This gap creates problems as companies try to offer disconnected solutions. When it comes to workload issues, only 44% of companies hire additional contingent staff to avoid burnout and stress when teams become overburdened. Additionally, while cybersecurity professionals are looking for skillset-based solutions, only 47% of companies outsource upskilling platforms and providers to ensure employees have the latest training and tools to perform their roles.
“Cybersecurity professionals are on the front lines of a battle they know will be lost – it’s just a matter of time. This is a hard industry and companies need to realize that cybersecurity professionals won’t rise to the top without motivation. We’ve been working with both cybersecurity and business leaders to understand the challenges facing the industry. What we’ve found shows how hard the job is and that there is a huge understanding gap between boards and professionals,” said Haris Pilarinos, CEO of Hack The Box.
“We are calling on business leaders to work more closely with cybersecurity experts to prioritise mental health and actually provide them with the solutions they need to succeed. Not only is it the right thing to do, it also makes good business sense,” Pilarinos concluded.
“Stress, burnout and mental health in cybersecurity are at an all-time high, and it’s not just affecting junior members of the team, but all the way up to the CISO level,” said Sarb Sembhi, CTO at Virtually Informed.
“This is a difficult topic to address as it is a very personal issue for individuals, but building the right support and processes can bring a lot of benefits to people and businesses. Cybersecurity professionals need to be given the tools to effectively manage the stressful situation of a cyber crisis. We have seen how a cybersecurity crisis can have the same impact on an individual as severe physical trauma. This is shocking. Professionals need to work together, otherwise the most experienced professionals will be left without the means to protect vital services and departments of their businesses,” Sembhi added.
