The vast majority of IT security professionals admit stress has led them and peers to make errors that have caused data breaches, according to Devo Technology.
Recent estimates put the shortage of cybersecurity professionals at 3.5 million. The survey demonstrates that in addition to the mental and physical toll stress takes on these under-resourced teams, their struggles also directly affect their organization’s security posture.
The business impact of burnout
Burnout isn’t just a people problem; it is a business problem that negatively impacts a company’s ability to safeguard its data, reputation, and bottom line.
Respondents to the survey reported several concerning trends that, if left unaddressed by CISOs and company leadership, could result in costly turnover, financial damages from regulatory fines, and lost consumer trust.
83% of IT security professionals admit they or someone in their department has made errors due to burnout that have led to a security breach.
85% say they anticipate they will leave their role due to burnout; 24% say they’ll leave cybersecurity entirely. 77% say stress levels at work directly affect their ability to keep customer data safe.
“These findings are a harsh wake-up call for enterprise leaders but also provide an opportunity for change,” said Marc van Zadelhoff, CEO, Devo. “Caring for security teams isn’t just a ‘nice thing’ to do. It’s the right thing to do for both the individuals working the frontlines and the broader business.”
IT professionals seek more support
The survey also uncovered a deep disconnect between security leadership and their teams. Even though over half of the respondents reported that alert fatigue has caused increased anxiety or feelings of depression, they don’t think stress and burnout issues are taken seriously.
76% agree their IT leadership would not last one full day dealing with the number of alerts they manage.
45% of IT professionals felt their leadership hasn’t responded proactively to employee burnout and wished their leaders would offer additional training, mentorship, and development. 82% say they’ve been told stress and burnout is just a normal part of their job.
“Burnout is a persistent issue in the cybersecurity world, and unfortunately, too many security practitioners are told that’s just how it is. While CISOs deal with their own stressors, it’s imperative for leaders to always listen to and understand the needs of their teams,” said Kayla Williams, CISO, Devo. “Organizations that proactively provide staff with training, solutions, and mental health resources have healthier and happier security teams and are more secure because of it.”