This year’s Olympics and Paralympic games have been a showcase of the benefits of preparedness, tenacity, and adaptability in achieving success. Olympians require all of these traits, and more, to operate at the very top of their respective disciplines. However, the psychological impact of going for gold, and carrying the expectations of fans nationwide, can be profound. As many as 34% of current elite athletes suffer from stress and anxiety – an issue spotlighted by the likes of Simone Biles and Naomi Oska, in their decision to withdraw from competition and use strategies to actively manage their own mental health.
These are also traits paralleled by cybersecurity professionals tasked with ensuring data security and shielding organizations from serious financial and reputational damage. As with elite sports, the level of pressure facing security professionals exacerbates the risk of burnout. Hack The Box’s recent report on cybersecurity burnout discovered that as many as ‘65% of cybersecurity and infosecurity professionals have experienced stress, fatigue, or burnout due to skill gaps and pressure to perform beyond their capabilities’.
This poses the questions, what are these most significant stresses facing security teams, how can we best mitigate them and are there any learnings we can take from the approach taken by elite sportspeople – like Simone Biles – in improving the state of mental health in cybersecurity?
The Stress Factors
Across both elite sports and cybersecurity the stakes are high. A single mistake or oversight can be the difference between first and last. In the case of cyber teams, it can also be the cause of financial penalties, regulatory non-compliance, and significant public backlash. The need to make quick and accurate decisions, against a backdrop of relentless security challenges, means security professionals often take on long hours and are forced to stay constantly alert and vigilant to new and emerging threats.
With the threat of injuries, the fear of failure, and a need to maintain consistent skill levels, often under public scrutiny, athletes face similar pressure to constantly perform at their best. The burden of responsibility and consistent pressure to perform – whether on race day or during a critical cyber incident – is a huge driver of stress, mental health issues, and ultimately burnout.
Cyber burnout has a massive impact on the ability of cybersecurity teams to maintain the security posture of their organizations. Mental fatigue increases the likelihood of small mistakes being made, and warnings being missed. Similarly, extended staff shortages and high turnover can undermine the stability of cybersecurity strategies and increase overall vulnerability. Hack The Box estimates the productivity cost of burnout to UK businesses to be as much as £130M annually.
The importance of resilience
Despite being amongst the most successful Olympians of all time, Simone Biles has been incredibly open about the mental health issues that she has faced during her career. Her decision to withdraw from several competitions at Tokyo 2020 – a then-unprecedented move – sparked a global discussion on the importance of vocalizing mental health struggles, seeking external support, and using this as a springboard for future success. She built her resiliency by acknowledging what she needed to succeed later down the line.
Of course, there is no silver bullet to fix mental health. However, Biles’ proactivity in discussing burnout and taking a series of active steps to manage her well-being can be a model for cybersecurity professionals.
As an industry, it’s important to build a ‘firewall’ against burnout, employing several strategies at both an organizational and individual level that will reduce the overall impact of stress, and improve employee wellbeing. Cybersecurity professionals should seek to mirror Biles’ proactive approach, including communicating with HR teams, utilizing internal support mechanisms, and ensuring that they are taking their allocated annual leave to recover and reset. There are also opportunities to use external networks and communities to ease pressure and feel prepared for when the time comes to perform.
Human-centric approach
Organizations must take the lead in reducing the impact of burnout. Success ultimately requires a human-centered approach to cybersecurity, whereby businesses are investing in upskilling their teams and creating an environment of collaboration. Diligent assessment of skills gaps present in cybersecurity teams ensures that employees aren’t hamstrung in carrying out their roles, while continuous skills development provides best-in-class tactics to deal with emerging security issues. Beyond this, organizations need to ensure that cybersecurity isn’t siloed, and are explicit on the importance of cyber hygiene across the entire business.
Ultimately, there are several parallels between the stressors facing cybersecurity professionals and those working in elite sports. The constant need to perform at your best and the fear of failure can contribute to mental health issues, and eventually lead to burnout. The approach taken by athletes in proactively understanding and managing these risks, including leveraging internal and external support networks, is something that can be mirrored by those in the cybersecurity industry. By understanding the adverse risk of burnout, organizations can take steps to support the wellbeing of their staff, by addressing skills gaps, and ensuring cybersecurity is prioritized across the business – ultimately – improving job retention and overall security posture.
Haris Pylarinos, Founder and CEO, of Hack The Box