As we delve deeper as an industry into the intersection of emotional well-being and cybersecurity, it has become more evident than ever before that workplace culture profoundly impacts cyber risk. It is critical we all recognise industry-specific challenges in a cyber-mature manner, so we can effectively support underserved sectors. It is important that we explore the implications of burnout on cybersecurity maturity within the Charity and SME (Small and Medium-sized Enterprises) sectors, to better understand how we can equip them to succeed with their future Cyber capabilities.
Charity
Burnout in the charity sector not only affects the well-being of employees but also poses significant risks to an organisation’s cybersecurity posture. With a turnover rate of 18.1% compared to the private sector’s 11.7% (Source: TPP Recruitment), the charity sector faces a constant challenge of retaining skilled personnel. This turnover leads to gaps in both knowledge and experience, of both operations and best-practice, leaving organisations increasingly vulnerable to cyber threats. A high turnover rate may result in the following:
- Incomplete annual awareness training.
- Secure systems expertise lost.
- Incorrect handling of sensitive information due to inconsistencies in procedures.
There are several contributing factors to the sector’s high turnover rate, but the alarming statistic that nearly a third of charities reported an increase in staff burnout in 2023 paints a clear picture of a leading cause. Defined simply, burnout is a state of chronic stress characterised by emotional exhaustion, cynicism or detachment from work, and a sense of reduced accomplishment or effectiveness. Staff within the charity sector are especially vulnerable to burnout for a multitude of reasons, most notably, compassion fatigue, and the increasing concerns around the cost of living. Compassion fatigue is a state of emotional and physical exhaustion caused by the prolonged exposure to the suffering or distress of others, often experienced by professionals in helping professions. Considering this, coupled with the overt fact that staff in the charity sector are paid lower salaries due to a lack of funding, which may lead to financial pressures outside of their working environment, it is easy to see how staff become burnt out. Fatigued employees are more prone to overlooking security protocols, falling victim to social engineering tactics, or neglecting basic cybersecurity practices.
Addressing burnout in the charity sector is crucial not only for safeguarding employee well-being but also for strengthening cybersecurity defences. Ultimately, recognising the interconnectedness of employee well-being and cybersecurity resilience is essential for the long-term sustainability and effectiveness of charitable organisations in an increasingly digitised world.
SMEs
Small Medium Enterprises (SME) similarly experience the symptoms and repercussions of burnout and cyber-fatigue. Burnout within the SME sector poses significant ramifications for cybersecurity posture. 2023 statistics demonstrate that approximately 2.9 million business owners across the UK are experiencing burnout (Source:FreeAgent). The burnout for SMEs presents a real challenge, with the causes typically varying from those that we see within the Charity sector. SMEs are often operating with limited resources and personnel, and the pressure of scaling a business can produce additional risks. When business owners experience burnout in the SME sector, there can be a variety of cyber-consequences. These can include:
- Increased likelihood of falling to cyber threats as a result of cognitive impairments caused by burnout such as limited attention to detail.
- Increased likelihood of being victim to clicking malicious links.
- Neglecting ‘best practice’ in favour of operational efficiency.
In contrast to the charity sector, the strain of burnout can also compromise the implementation of robust cybersecurity measures as an enterprise grows, as exhausted business owners may prioritise immediate operational needs over investing in cybersecurity defences. Additionally, burnout can strain relationships within SME teams, hindering effective communication and collaboration necessary for maintaining strong human cybersecurity defences, such as reporting culture and open communication. The consequences of burnout extend beyond individual owners, impacting the overall organisational culture and resilience to cyber threats.
Conclusions
In conclusion, as we unravel the intricate relationship between emotional well-being and cybersecurity, it becomes increasingly apparent that workplace culture serves as a crucial determinant of cyber risk. By acknowledging and addressing the unique challenges faced by underserved sectors such as charities and SMEs, we can better equip them to navigate the complexities of cybersecurity in today’s digital landscape. Burnout emerges as a common thread, significantly impacting both sectors and posing formidable obstacles to cybersecurity maturity. Within the charity sector, the alarming turnover rate coupled with increased staff burnout underscores the pressing need to prioritise employee well-being to fortify cybersecurity defences. Similarly, in the SME sector, the projected prevalence of burnout among business owners highlights the urgent necessity to mitigate its adverse effects on cybersecurity posture.
At CybAid, we strive to take the strain of Cyber off Charities and SMEs, through providing pro-bono Cyber Security support to eligible organisations. Our volunteers work collaboratively with our clients to build trust and deliver Cyber Security solutions tailored to their organisation’s practical requirements, but also culture – because Cyber is not everyone’s first language.