For many years, security analysts have consistently prioritized their jobs over their mental health. Now, the cracks are starting to show. Burnt-out, overwhelmed analysts are another silent cybersecurity epidemic organizations have to manage. According to Gartner, 50% of cybersecurity leaders will move to different roles by 2025 due to workplace stress and burnout. CISOs need to address the lack of importance given to mental health before it's too late.
Burnout is included as an "occupational phenomenon" in the 11th Revision of the International Classification of Diseases (ICD-11). It is defined by the World Health Organization as a syndrome caused by the unsuccessful management of workplace stress. Energy depletion, feelings of negativity or cynicism towards one's job, and decrease in personal efficacy are three listed symptoms of burnout.
Security burnout affects business outcomes as much as it does individual efficacy. In a survey by Enterprise Strategy Group and the Information Systems Security Association, two-thirds of IT security professionals described their job as "difficult" and nearly half of them are considering leaving their jobs. This could lead to continuous shrinkage in SOC teams on top of the existing demand-supply gap. A smaller SOC team could mean increased risk of data breaches and a higher possibility of financial and reputation loss.
CISOs have a tough row to hoe. Along with the primary responsibility of improving the security maturity of their organizations, they are also tasked with fostering highly productive security teams. This involves addressing the various issues affecting the mental health of security analysts, such as burnout, motivation levels, and lack of security automation.
Four ways in which CISOs can approach this include acknowledging burnout in security teams, providing in-house support and healthcare, implementing an effective backup plan, and investing in AI-based security tools.
Let us explore them in detail.
Every member at every level, whether it is a CISO, SOC manager, or analyst, may experience burnout. While analysts deal with an endless stream of alerts, CISOs and SOC managers have to confront the fear of being held responsible for any sudden cybersecurity incident as well as its repercussions.
There is a need for increased mental health awareness in security teams. Attackers continue to employ sophisticated techniques to breach enterprise networks and come up with new ways to deploy social engineering techniques. Foresight and proactive strategies are the need of the hour. Organizations have to prioritize creating an atmosphere of safety and mental well-being to ensure the best minds on the security team can perform to the fullest. This will not only address the issue of employee burnout but also enhance organizations' security posture and reduce the possibility of data breaches to a large extent.
You will receive regular updates on the latest news on cybersecurity.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.