How Do Cybersecurity Leaders Address Employee Burnout?
Cybersecurity employees face myriad internal and external pressures that can lead to burnout. What are the consequences of employee burnout and how are leaders reducing this risk?
One minute insights:
Most point to unrealistic expectations and long hours as the most significant contributors to cybersecurity employee burnout
Half of surveyed leaders saw their cybersecurity employees quit due to burnout
Nearly two-thirds are offering flexible scheduling options to mitigate the risk of employee burnout
Unrealistic expectations among top contributing factors to employee burnout
Over half (56%) of all respondents (n = 144) report that one or more of their cybersecurity employees experienced burnout in the past 12 months.
Among leaders whose employees dealt with burnout during this period (n = 80), 54% cite unrealistic expectations as one of the most significant contributing factors.
Question: Please share any final thoughts on burnout among cybersecurity employees.
Workload is excessive because of budget constraints and availability of qualified candidates.
Alert fatigue is pushing our team to the limits at times, with multiple systems sending out alerts 24/7.
Cybersecurity employee burnout not often disclosed, commonly leads to quitting
The majority (73%) of these leaders became aware of their cybersecurity employees’ burnout through their own observation, while only 21% say employees disclosed it themselves.
And in the past 12 months, 50% saw their cybersecurity employees subsequently quit as a result of burnout.
Question: Please share any final thoughts on burnout among cybersecurity employees.
The constant pressure and out-of-hours call outs take their toll.
Burnout is a very serious challenge and a silent one. Employees do not always come forward until it is too late.
Leaders look to mitigate cyber employee burnout risk with flexible scheduling
Most leaders (64%) whose cybersecurity employees have burned out over the past 12 months are addressing this risk with flexible scheduling. 46% are doing so by expanding wellness benefits or hiring more staff.
Question: Please share any final thoughts on burnout among cybersecurity employees.
Less complex tooling and more automated remediation options are needed in cybersecurity to help reduce burnout.
Need more training and support from third party providers.
In their own words...
Question: Please share any final thoughts on burnout among cybersecurity employees.
Burn out is a real risk, and it takes time to recover. A weekend, even a week, doesn't cut it.
I have seen this many times during my career. As Michigan CISO, I saw it with my staff. As I travel the country, I see it all the time on other teams that tell me they are experiencing burnout.
There needs to be more organisational awareness of, and support for, burnout. [Organizations] seem oblivious to what it is and how their culture can cause it and/or normalise it. Staff tend to get the brush off until they start getting booked off sick, and even then, there's still no real support once staff return from sick leave.
4-day work weeks [are] needed.