How Do Cybersecurity Leaders Address Employee Burnout?
Cybersecurity employees face myriad internal and external pressures that can lead to burnout. What are the consequences of employee burnout and how are leaders reducing this risk?
Want more insights like these?
Join our community
No selling.
No recruiting.
No self promotion.
More like this
2024 Marketing Priorities and Challenges: Insights from the Field
View insights
HR benchmarking report for total rewards strategy at multigenerational organizations
View insights
Impact & Perceptions of A Privacy-First Digital Era
View insightsOne minute insights:
Most point to unrealistic expectations and long hours as the most significant contributors to cybersecurity employee burnout
Half of surveyed leaders saw their cybersecurity employees quit due to burnout
Nearly two-thirds are offering flexible scheduling options to mitigate the risk of employee burnout
Unrealistic expectations among top contributing factors to employee burnout
Over half (56%) of all respondents (n = 144) report that one or more of their cybersecurity employees experienced burnout in the past 12 months.
Have any of your cybersecurity employees experienced burnout in the past 12 months?1
n = 144
Among leaders whose employees dealt with burnout during this period (n = 80), 54% cite unrealistic expectations as one of the most significant contributing factors.
Based on your personal understanding, which of the following factors have been the most significant contributors to your employee(s) experience(s) with burnout? Select up to 3.
Security function blamed if business goals aren’t achieved 33% | Evolving threat landscape 31% | Middle managers lack leadership training 28% | Complex technical environment 28% | Lack of recognition 26% | Lack of clarity around responsibilities 23% | Alert fatigue (i.e., abundance of false positives from monitoring tools) 14% | Pressure to address low-priority tasks before others 13% | Unclear definition of success 11% | Not sure 0% | Other 0%
Please join or sign in to view more content.
By joining the Peer Community, you'll get:
- Peer Discussions and Polls
- One-Minute Insights
- Connect with like-minded individuals
Question: Please share any final thoughts on burnout among cybersecurity employees.
Workload is excessive because of budget constraints and availability of qualified candidates.
Alert fatigue is pushing our team to the limits at times, with multiple systems sending out alerts 24/7.
Cybersecurity employee burnout not often disclosed, commonly leads to quitting
The majority (73%) of these leaders became aware of their cybersecurity employees’ burnout through their own observation, while only 21% say employees disclosed it themselves.
In most cases, did you learn that your cybersecurity employee(s) were experiencing burnout through observation, or did they explicitly disclose their experience (e.g., to yourself, another manager, or HR)?
And in the past 12 months, 50% saw their cybersecurity employees subsequently quit as a result of burnout.
In the past 12 months, did any of your cybersecurity employees quit as a result of their experience(s) with burnout?
Question: Please share any final thoughts on burnout among cybersecurity employees.
The constant pressure and out-of-hours call outs take their toll.
Burnout is a very serious challenge and a silent one. Employees do not always come forward until it is too late.
Leaders look to mitigate cyber employee burnout risk with flexible scheduling
Most leaders (64%) whose cybersecurity employees have burned out over the past 12 months are addressing this risk with flexible scheduling. 46% are doing so by expanding wellness benefits or hiring more staff.
Which of the following strategies are you using to reduce the risk of burnout for your cybersecurity employees? Select all that apply.
Modeling good work-life balance (e.g., setting professional boundaries, scheduling breaks) 35% | Introducing recognition initiatives 34% | Enforcing mandatory PTO 31% | Improving communication between managers and employees 29% | Raising awareness about signs of burnout 29% | Providing leadership training for middle managers 28% | Prioritizing automation to streamline workflows 26% | Increasing PTO allowance 23% | Implementing new tools 16% | Other* 1% n = 80 *Other includes: Financial benefits
Question: Please share any final thoughts on burnout among cybersecurity employees.
Less complex tooling and more automated remediation options are needed in cybersecurity to help reduce burnout.
Need more training and support from third party providers.
In their own words...
Question: Please share any final thoughts on burnout among cybersecurity employees.
Burn out is a real risk, and it takes time to recover. A weekend, even a week, doesn't cut it.
I have seen this many times during my career. As Michigan CISO, I saw it with my staff. As I travel the country, I see it all the time on other teams that tell me they are experiencing burnout.
There needs to be more organisational awareness of, and support for, burnout. [Organizations] seem oblivious to what it is and how their culture can cause it and/or normalise it. Staff tend to get the brush off until they start getting booked off sick, and even then, there's still no real support once staff return from sick leave.
4-day work weeks [are] needed.
Respondent Breakdown
