Burnout among cybersecurity teams driving data breaches: survey

'Harsh' findings reveal cybersecurity professionals are told 'that's just how it is'

Burnout among cybersecurity teams driving data breaches: survey

Burnout among IT professionals is making organisations more vulnerable to data breaches - but "harsh" findings indicate that IT leaders seem to normalise this level of fatigue among staff.

These are the findings released by security analytics company Devo Technology, which surveyed 200 IT security professionals in the backdrop of a labour shortage in an evolving field of work.

According to the poll, 83% of IT security professionals said they or someone in their department has committed errors due to burnout that have led to a security breach. Another 77% said their stress levels at work directly affected their ability to keep customer data safe.

"These findings are a harsh wake-up call for enterprise leaders but also provide an opportunity for change," said Devo CEO Marc van Zadelhoff in a media release.

"Caring for security teams isn't just a 'nice thing' to do. It's the right thing to do for both the individuals working the frontlines and the broader business."

Burnout normalised in cybersecurity

But taking care of security teams do not appear to be the case for many organisations, according to the survey. In fact, 82% of the respondents said they've been told that stress and burnout are just a normal part of their job.

"Burnout is a persistent issue in the cybersecurity world, and unfortunately, too many security practitioners are told that's just how it is," said Devo CISO Kayla Williams in a statement.

Another 45% of IT professionals also revealed their leadership hasn't responded proactively to employee burnout. They said they were hoping for more training, mentorship, and development.

Burnout hitting retention

Devo's findings come as employers put more premium on cybersecurity amid developing cyberthreats that could hit their organisation.

This level of priority, however, is hiking demand to the point of outpacing the supply of cybersecurity professionals - which is now short of 3.5 million individuals.

Cybersecurity Ventures reported early this year that global cybersecurity job vacancies grew by 350%, from one million in 2013 to 3.5 million in 2021.

This figure remained this year, and Cybersecurity Ventures said the disparity between demand and supply for cybersecurity professionals will remain until at least 2025.

The current mental state of cybersecurity professionals will likely affect these numbers - as Devo's findings revealed that 24% of its respondents admitted they will leave the industry entirely due to burnout.

Another 85% said they will leave their roles because of burnout.

Williams said it is imperative that leaders listen and understand the needs of their teams even if they are dealing with their own stressors.

"Organisations that proactively provide staff with training, solutions, and mental health resources have healthier and happier security teams and are more secure because of it."