With the COVID-19 pandemic showing no sign of abating, cyber security professionals need support now more than ever. Unaddressed mental health issues not only lead to stress and burnout but burnout, when left unchecked, can have detrimental ramifications to business security. The more you can do to help support your employees and to raise awareness of stress and burnout in cyber security and infosec, the more likely your business is to weather the storm and retain the employees experiencing tough times. Lest we forget, those same employees have committed months, years, or even decades to your operation.
The Impact Of Covid-19: Stress And Burnout In Cyber Security
There are a number of factors that increase stress and burnout in a cyber security landscape. Firstly, a rise in the number of cyber attacks driven by the COVID-19 pandemic. The speed of innovation where cyber threat management is concerned is increasing rapidly, but the speed at which cyber attacks are happening and evolving is racing to the match. The cyber industry saw a 72% to 105% spike in ransomware attacks and 22% of all data breaches in 2020 involved some form of phishing attack. As a result, many cyber security professionals are simply trying to stay ahead of the curve when called into the rescue.
Alongside an increasing workload, countless professionals from vastly differing sectors in the UK also began working remotely, almost overnight. Around 54% of home workers are currently operating without using a Virtual Private Network (VPN), likely increasing the risk of personal and company data becoming compromised. As 2 in 5 remote workers in the UK are considered to be more vulnerable to cyber attacks, the lack of investment in cyber security awareness training in organisations is evident.
There is also a noticeable skills shortage in the cyber security industry, and with ever-increasing regulation, experts having to secure masses of data in multiple places fear losing their job or being disciplined. As a result, many do not seek help when they feel overwhelmed and find themselves in a position of crippling stress and burnout.
Cyber Security Employers: Can They Reboot The Workforce?
So, what is burnout? And can we press reboot? Burnout is a reaction to prolonged or chronic job stress and is characterised by three main things – exhaustion, cynicism, and having feelings of reduced professional ability, such as having less identification with your job. If you find yourself identifying with these things, you may be at risk of burnout. If left unchecked, you or those around you suffering may develop an increased risk of experiencing depression and anxiety disorders.
Often, stress and burnout will manifest themselves with bouts of insomnia, a decline in performance at work, increased/adopted use of drugs or alcohol, over or under eating, taking increased sick days, withdrawing from hobbies or activities that were once enjoyed, experiencing a loss of motivation and feeling physically and mentally exhausted.
In extreme situations, Infosec and cyber security professionals can develop post-traumatic stress disorder (PTSD). Although this is dissimilar from the PTSD that veterans suffer from, it can prove debilitating. Many professionals are first-hand witnesses to cyber attacks that result in lasting damage to the organisations they help protect. This can manifest as guilt carried over into future work, a permanent reminder of the worst possible outcome. PTSD can set in when cyber security professionals notice signs that signal a reminder of past incidents, causing them to relive the moment and its emotional turmoil.
So, How Do We Overcome Cyber Security Occupational Hazards?
Step One – Ethical Hacking:
Hacking Your Employees Mental Health At Work
There are many ways that organisations can support employees in identifying and addressing mental health, stress, and burnout before it escalates.
The first step to building a meaningful conversation around mental health in cyber security is to identify the problem. Cyber security professionals should be encouraged to talk about their mental health experience and wellbeing. Employers who foster a strong culture within an organisation and enable professionals to vocalise their stress levels might offer counselling and psychological resources to mission-critical employees. The show of commitment of firms to helping employees deal with stress and burnout is likely to lead to higher productivity and job satisfaction.
Supportive management and qualified mental health first aiders enable employees to understand their own experience and symptoms, seek help and find the right tools to manage their lives. Be it by requesting much-needed productive adjustments to their everyday work environment or engaging in stronger professional lines of communication, by aiding the demands of the individual employee, organisations enhance the quality of the output across the business.
Simply creating a quiet area to take a break or take some ‘me’ time is a small change that could help to make a big difference. Training managers on how to best support their team’s emotional integrity can develop strong, honest, frank communication and managerial styles and encourage those struggling to ask for help, without fear of ramifications.
Step two: Work Smarter, Not Harder
Provide Training And Recognition
Keeping up with the ever-evolving threat landscape is extremely challenging, especially since the COVID-19 pandemic arrived. Many employees feel overwhelmed with the challenges that have surfaced. Many juggle day-to-day job tasks and feel a need to continuously update their skill sets. It is more important than ever that employees feel they contribute something of value, so investing in their professional development and training will pay dividends. It will also demonstrate that you value their efforts to keep your organisation safe during times of uncertainty. Employers offering employees seminars, training courses, resources, and educational activities can help release cyber security professionals of their pent up job insecurities, as well as boost their morale.
Up Your Recruitment Needs
Despite business needs, a growing cyber skills gap means increased recruitment is easier said than done. However, if you are in a fortunate position, an easy way to manage team stress is by recruiting more cyber security professionals to distribute workloads. Jobs set up on rotation where appropriate, should help to relieve the pressure and share the burden of responsibility so that individuals are aware of their role in overcoming specific issues.
Have A Backup Cyber Security Team
Therefore, where appropriate, outsourcing security operations to a Managed Service Provider (MSP) will help to take the pressure off your existing team and could be more cost-effective for your business. By commissioning a dedicated outsourced team to manage time-taxing areas your organisation struggles to manage internally, your internal security team can focus on higher security risk tasks within employee remits.
If you find yourself feeling stressed or burnt out, consider doing the following to help.
Ethical Hacking: Hacking Your Own Mental Health At Work
- Communicate to colleagues and family members about how you are feeling.
- Consider whether your working environment is right for you e.g. working hours, time off/out, workplace culture, etc, and if you need to make changes discuss these with your manager.
- Conduct an emotional needs audit on yourself and identify which of your needs are not being met and why. Set positive and achievable goals to help get those needs met and seek help at work if required.
- Leave space between meetings – if you are experiencing video call fatigue, ensure you leave breaks in between calls to regroup, conduct any admin, and process the feedback/ideas discussed on the call.
- Attend virtual social events and devise creative ways to bond with your work team and family – restrictions aren’t in place with online quizzes!
- Whistle-blow negative behaviour – workplaces that tolerate bullying or harassment experience inefficiency, high staff turnover, and poor relationships within teams at all levels. Your employer will want to be aware of your experience, no matter how painful, to improve processes and safeguard the business and staff members. You may not be alone!
- Align your body’s energy patterns to your work and plan your work accordingly i.e. do tasks that require more brainpower when you feel most energetic and do easier admin tasks at other opportunities.
Ethical hacking: Hacking Mental Health When You’re Not At Work
- Partake in regular exercise but don’t put pressure on the activity, simply enjoy yourself and forgive your limitations.
- Use reframing to not take things personally (challenge assumptions, look for learning opportunities in situations, ask what’s good about a situation, etc.) to rationalise a situation i.e. stand back from the problem and question whether another angle can be found. The question is whether it’s as bad as it first appeared.
- Use wellbeing related apps (e.g. Headspace).
- Mindfulness – use short mindful exercises, take regular breaks, eat mindfully, focus on one task at a time, be present and pay attention, be mindful in all communications and make time for self-reflection.
- Relaxation techniques – e.g. 7/11 breathing, muscle tension/relaxation, guided visualisation, etc.
Our Advice: Stress and burnout are reaching epidemic levels amongst cyber security professionals. According to a recent study from CREST, stress has increased exponentially during the COVID-19 crisis. The study shows that:
- Nearly 1 in 3 security teams have experienced tremendous stress during the pandemic
- 27% of cyber security professionals believe that their stress levels have greatly affected their ability to do their job.
- 235 Cyber Security professionals have claimed stress has adversely affected their relationships outside of work.
Stress in the Cyber Security and Infosec sectors is an accelerating problem. However, many cyber security professionals remain passionate about what they do. Even when the job is stressful, most value the potential they have to make a difference. Lest we not forget their contribution. As employers, we have the power and privilege to make a difference in our industry.