Cybersecurity Leader Burnout: Causes and Resources
Cybersecurity leaders face unique work-related stresses that increase their risk of burnout. Are their organizations providing the necessary support to mitigate this risk?
One minute insights:
Most cite extended work hours among the biggest cultural contributors to their experience with burnout
Likewise, having too many responsibilities is the top-reported organizational factor driving respondents’ burnout
Nearly half of respondents say their organization’s resources to cope with or prevent burnout are inadequate
Pressure to work long hours is the most common cultural factor driving burnout
62% of surveyed leaders who have experienced burnout (n = 111) report that pressure to work late nights or weekends has been one of the biggest contributing cultural factors.
Question: Please share any final thoughts on burnout among cybersecurity leaders.
There is a tremendous amount of (constant) pressure on cybersecurity leaders. Blame/pointing fingers, in the case of a security event, is always on your mind... Easing that fear is critical for an organization to reduce the level of burnout.
Excessive responsibilities cited as major organizational factor driving burnout
Among the same group, nearly two-thirds (65%) say that having too many responsibilities has been one of the biggest contributors to their burnout in terms of organizational or technical factors.
Question: Please share any final thoughts on burnout among cybersecurity leaders.
From my perspective, there is a gap between the number of people needed to implement security systems and the number that are needed to handle an active incident. During incidents, the burden on the team can become unbearable, with no way to reduce it.
Almost half say organizational resources for burnout are lacking
Over half (51%) of all respondents (n = 178) indicate their organization provides adequate resources to address burnout, but 46% say these resources are either inadequate or unavailable at their organization.
Question: Please share one or more example(s) of resources you would like your organization to provide that would help cybersecurity leaders cope with and/or reduce the risk of burnout.
I believe resources like quicker access to company-endorsed therapy and lounging areas are nominal at best; in order to deal with frequent burnout, the ‘rushed’ culture of the company needs to change and employee welfare needs to be considered.
In their own words...
Question: Please share one or more example(s) of resources you would like your organization to provide that would help cybersecurity leaders cope with and/or reduce the risk of burnout.
I think that providing the appropriate segregation of duties between normal keep-the-lights-on activities and net new project work needs to occur. If we have our same resources that are working the day-to-day function and then also doing projects, that is where burnout occurs.
We have [an] unlimited vacation policy but it is clear they don’t want you to use it at all. I’d prefer to go back to standard policy so there’s less stigma in taking time off.
We basically need more resources.
Respondent Breakdown
1 Question shown only to respondents who answered “Yes, once” or “Yes, multiple times” to “Burnout in the workplace refers to a state of physical, mental andemotional exhaustion caused by chronic work-related stress. Have you personally experienced burnout in the past 24 months?”
2 Question shown only to respondents who answered “Yes, once”, “Yes, multiple times”, “No, but my team and/or colleagues have” or “No, but I'm concerned about burnout among cybersecurity leaders” to “Burnout in the workplace refers to a state of physical, mental and emotional exhaustion caused by chronicwork-related stress. Have you personally experienced burnout in the past 24 months?” Respondents who answered “No” were eliminated from the survey.
3 Question shown only to respondents who answered “My organization does not provide any resources,” “Resources are less than adequate” or “Resources arecompletely inadequate” to “From your perspective, does your organization provide adequate resources to cope with or reduce the risk of burnout (e.g., benefits related to mental and physical wellness)?