How employee burnout can compromise a firm’s cybersecurity

Brian Martin from Integrity360 reveals the impact of employee burnout on organisational cybersecurity.

Cybersecurity professionals are faced with the task of preventing cyber-attacks 100% of the time, while attackers only need to be successful once.

We’re all increasingly aware of the toll that evolving cyber threats are having on businesses and how they operate, but what about the people who deal with these threats on a daily basis?

Security professionals today are grappling with a rising tide of security alerts, creating immense pressures that can leave them stressed and burned out.

A recent poll by Integrity360 found that 35% of cybersecurity professionals cited employee burnout as the most concerning issue when it came to increasing cyber threats.

Meanwhile, many organisations are lacking the experience, skills and bandwidth needed to detect and manage security incidents quickly and effectively, especially in the hybrid workplace.

There’s a major shortage of IT skills globally and many organisations are understaffed and/or under-skilled in the area of cybersecurity. It’s time for businesses to prioritise their most valuable asset – their people – and examine the policies and processes in place to tackle growing levels of burnout. Otherwise, their company could end up paying the price.

Evolving threat landscape

The threat landscape is continually evolving and cybersecurity professionals are dealing with increasingly sophisticated attacks. Many are also struggling with alert fatigue, as the volume of tools and platforms available can lead to an overwhelming number of alerts to assess. A number of these potential hazards can also turn out to be ‘false positives’, or alerts that incorrectly indicate malicious activity, leading to unnecessary strain on already limited resources.

In addition, it’s not just about responding to threats; it’s about being proactive. Security professionals must ensure that systems are patched and up-to-date, all while keeping on top of the changing landscape and managing day-to-day tasks.

The support of a third-party partner can help to bridge the skills gap and build out capabilities around organisational cybersecurity, reducing the burden on in-house IT teams. These providers possess not just the infrastructure and the skills; they can also scale as needed and are more cost-effective, eliminating the need to invest in expensive tools and training. The market for managed detection and response (MDR) is the fastest growing area in cybersecurity. In fact, Gartner predicts that by 2025, 60% of organisations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30% today.

While people are indeed an organisation’s most valuable asset, they’re also the weakest link when it comes to cybersecurity. Phishing and ransomware remain the biggest threats and if employees are tired or overworked, potential risks can be easily missed. Should an attack occur, businesses need to have a tried and tested incident response plan in place, regularly performing drills to measure its effectiveness.

Employee awareness training is also key here. Organisations must ensure that employees at all levels of the business are educated about how to protect themselves (and the company) from these threats. Even a basic level of training can boost awareness of cyber threats within an organisation, therefore vastly reducing the number of incidents and allowing IT staff to focus on more business-critical tasks.

If cybersecurity staff are overwhelmed and under pressure, this can lead to burnout, which leads to breaches. In turn, this can mean a financial cost, reputational damage and a negative impact on business performance or service delivery. If data is compromised due to a breach, this could also have consequences in relation to GDPR and data compliance.

Cyber criminals don’t clock out

The acceleration of the digital workplace has undoubtedly had a significant impact on organisational cybersecurity. Many businesses are now operating in decentralised environments with a greater number of devices and locations to manage. Employees are finding it harder to switch off and are often working outside of traditional office hours.

Meanwhile, cybersecurity professionals are working longer hours to cope with this increased demand on their resources. Cyber criminals don’t clock out at 5; it’s a 24/7 job and the increased availability of potential targets, coupled with the mammoth workload of IT staff, increases the chance of a successful attack.

There isn’t necessarily one industry or sector being impacted by cyber-attacks more than others, and organisations of all sizes are potential targets. However, financial institutions will always be rich pickings and need to be especially vigilant. Mid-size organisations struggle the most – they are big enough to be significant targets, but may not have the resources for sufficient cybersecurity, which can then fall to a small number of people already doing other jobs.

Smaller organisations historically felt safer as their systems were typically on-premise, but this is changing with digitalisation and the move to software as a service (SaaS) applications. In fact, IT departments are often only aware of a third of SaaS applications used for business purposes, opening up potential gaps for exploitation.

According to Integrity360’s latest poll, organisations are looking to implement critical security measures to ensure greater threat detection and response in 2023, with identity and access management (30%) and cloud security (30%) on top of the agenda.

Technology can certainly help to alleviate some of the strain on cybersecurity professionals, but it’s about finding the right balance. Cybersecurity teams are under mounting pressure to tackle the complexity of the modern workplace and the necessity to protect corporate data wherever it resides. It’s therefore essential for businesses to address the growing issue of burnout, which will not only benefit employees but will also have a direct and positive impact on customers and the organisation as a whole.

Brian Martin
Brian Martin is Director of Product Management at Integrity360.
