Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 7 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Cyber-burnout: The hidden cost of a security career

How combatting cybercrime can affect mental health

by The Gurus
June 17, 2020
in Opinions & Analysis, Top 10 Stories
mental health
Share on FacebookShare on Twitter

by Corin Imai, senior security advisor at DomainTools

Cybercrime and mental health issues are both rampant. This article will look at how mental health issues can leave organisations more at risk to cybercrime, and how combatting cybercrime can affect mental health. 

Professional burnout is defined as a work-related condition of stress causing exhaustion, a sense of reduced accomplishment and loss of personal identity. Extensive literature exists about this phenomenon in relations to healthcare professionals, who need to make important decisions day to day, work under great pressure and with significant resource constraints. Recently, however, professional burnout has come to be associated with the cybersecurity industry. 

New technologies equate to new challenges from a security perspective, which fall on the shoulders of cybersecurity teams. It doesn’t help that digital transformation has significantly widened the attack surface that security practitioners need to protect, that new compliance rules are coming into effect globally, and that threats continue to evolve to evade detection. To add to the problem, these teams are chronically understaffed, overworked and operate with constrained budgets they need to fight very hard to obtain.  

Therefore, perhaps unsurprisingly, security professionals have started reporting high stress levels and symptoms compatible with burnout.

The Price of Stress  

A survey conducted by Exabeam found that sixty-two percent of cybersecurity professionals cite that they are stressed or very stressed at their jobs, and 44% don’t feel like they are achieving a work/life balance.

Certainly, the links between stress and physical health, as well as stress and performance, have been widely documented. One study that looked specifically at the effects of repetition, fatigue and work environment on human error in manufacturing industries found that as much as 48.8% of variance in human error can be explained by these four factors.

While no specific statistics exist to describe which proportion of human errors in cybersecurity teams is due to burnout symptoms, we can expect at least some of the 90% of security breaches due to human error to be associated with the high level of stress that experienced by IT security professionals.

This translates to high employee turnover: CISOs only have an average tenure of 26 months, and a report from the Ponemon institute found that the problem extends far beyond the C-suite. In fact, 65% of IT and security professionals consider quitting their job due to burnout, a worrying statistic that could place further burden on an already resource constrained industry. 

The Solutions 

Offer specific mental health resources

Employees should feel comfortable talking about their mental wellbeing. The culture of your organization should allow professionals to be vocal about their level of stress, and there should be a commitment to offer counselling and psychological resources to help them cope with the demands of their mission-critical day job. 

Identifying the problem is the first step to build a meaningful conversation around mental health in IT security functions. Managers should educate themselves on how to best offer their teams support, building a frank and honest like of communication to encourage individuals to discuss their concerns and symptoms, and refer them to the appropriate resources. 

In an insightful talk at Black Hat 2018, Rhett Greenhagen, Senior Security Researcher for McAfee’s Advanced Programs Group, who was diagnosed with Asperger syndrome at the age of 12, stressed the importance of tailoring the workplace to the needs of all employees. From encouraging employees to seek professional attention to help them understand their symptoms to remaining attuned to everyone’s requirement – being that having a quiet area where to take a break, or taking some time off their day to walk and unwind – there are several small changes that can make a dramatic difference in security practitioners’ everyday wellbeing. 

Boost the recruitment drive 

It’s easier said than done, but recruiting more security personnel is the first step to ensure that professionals aren’t overworked and have the chance to set up jobs on a rotation basis (when appropriate). 

Appointing more security leaders can also help relieve the pressure and share the burden of responsibility, so that everyone knows what they need to do to tackle specific problems and won’t have to deal with the confusion of picking up the pieces when one individual leaves.

Consider a backup team 

Recruiting and retaining talent is difficult, and perhaps bringing in an external team could be more cost effective for your business. Nowadays, there are managed service providers to suit the specific needs of virtually any organisation, with packages that suit businesses of all sizes. 

You can choose to outsource all or just some of your security operations, allowing your internal team to focus on what you consider to be higher security tasks, while a dedicated team takes care of anything that you may struggle to manage internally. 

Automate mundane tasks

According to a recent survey DomainTools conducted with the Ponemon Institute, one of the main reasons why automation is introduced by enterprises is to reduce security practitioners’ workload and the time they need to spend on mundane and repetitive tasks. 

While it needs to be carefully planned to make sure it will integrate with other security solutions, and that training will be provided to ensure that the workforce has the necessary skills to operate it, an automation tool can greatly improve the efficiency of the IT Security Function, allowing humans to focus where they are most needed. 

Provide training and recognition

Keeping up with the evolving threat landscape is demanding and time consuming and can leave employees feeling overwhelmed by the challenge of juggling the tasks of their day-to-day role and the need to continuously upskill. For this reason, offering employees training courses, seminars and educational activities will boost morale and release some of the pressure that weighs on IT security professionals. Provide your team with up-to-date, on-hand playbooks and material on recent training experiences that they can refer to in case of an incident.

It’s important for staff to feel valued and investing in their professional development and training is one of the ways to show them that you recognize the efforts they put in keeping your organization safe. 

Create space for employees to take a break

Without having to go to the lengths of Google, where $5,000 sleep-pods were installed for employees to take naps during their breaks, organizations can reorganize their space to make sure there are areas allocated for security teams to relax and wave the stress away. 

Implementing policies such as required breaks and off-time is ultimately beneficial to efficiency, as workers will get back to work refreshed and will perform better, as well as feel their health and wellbeing is valued by their employer. 

Ultimately, cybersecurity may be in some ways an inherently high-stress profession, but by turning our attention to the problem there is no reason why the situation shouldn’t be alleviated. Prevention is always better than the cure, and communication and education remain the key to create a supportive, positive culture, where employees feel they can speak up and where managers are able to recognise the signs of burnout and have the knowledge and the resources to address them.

ShareTweet
Previous Post

Hackers exploiting Magento vulnerability, FBI warns

Next Post

Untangling the Verizon Data Breach Investigation Report 2020

Recent News

pentesting

Pentesting is dead. Long live pentesting.

July 3, 2026
AI Appreciation Day: Celebrating Progress, Embracing Responsibility

The industries being reimagined by AI

July 2, 2026
geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

July 1, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol