Cybersecurity demands skill and experience. But it also calls for an engaged, motivated and energetic team. And that’s why tech burnout among staff is not only a mental health problem for the employees, it’s also a cybersecurity vulnerability for their employer.
What Is Burnout, Anyway?
The word ‘burnout’ was first used by psychologist Herbert Freudenberger in 1974. He defined it as a point of mental and physical exhaustion that results from sustained stress.
We all feel stress at work and in our lives. Sometimes we feel stress daily. But after a stressful day, we can go home, relax, forget about work, get a good night’s sleep and feel renewed. That’s not burnout. The problem with burnout is when the stress is sustained and leaves us exhausted. Burnout makes us less productive because in that exhausted state we’re not functioning at our best.
Since Freudenberger’s time, the scope of what we mean by burnout has expanded. Burnout can create a feeling of hopelessness about work, trouble sleeping, withdrawal, aggression, anxiety and more. Burnout goes beyond exhaustion, too. It can affect your mindset. Feelings of cynicism, despair, contempt for others and feeling ineffectual can dominate your thinking.
Where Does Tech Burnout Come From?
Burnout is not a mental illness. But it is a mental health issue. Some 89% of employees surveyed by Korn Ferry in all fields say burnout is a problem, with 38% saying they, themselves, are feeling burnout.
While tech burnout can be a problem for all tech-related staff, burnout is a special problem for cybersecurity workers.
Beyond being overworked and under-resourced, tech burnout can come from a sense that one’s concerns are being dismissed by leadership. The rejection of resources, such as requested staff or tools, leads to burnout when the burden for lacking those resources is felt by the staffers who argued for them.
In other words, that sense of futility, isolation and lack of control is heightened when requests for help are rejected, leaving staff to save the company without the resources they need to do so.
Breaches in security can also trigger burnout. The entire staff works hard to prevent an incident. And when they do occur, a sense of futility and discouragement can arise.
And, of course, burnout leads to errors, both in action and in judgment. Cybersecurity calls on all staff to have full attention and tackle potential threats and problems with great energy and creativity. So, burnout directly impacts the safety of your networks.
Compounding the problem is that burnout encourages top staff to quit. A different survey discovered that around 70% would quit to work at a place with better resources for coping with burnout. When the department is bleeding talent, the resulting understaffing compounds the existing professional shortage and drives even higher rates of burnout among the remaining staff.
Burnout Prevention in the Workplace
While burnout got worse during the pandemic, it will continue to be a challenge in the future. Here are burnout prevention steps you can take to avoid the worst effects among cybersecurity staff:
- Leadership. Addressing burnout starts at the top. It’s vital for managers, team leaders, department heads and the C-suite to tackle this problem.
- Simpler tools. The long sought-after ‘single pane of glass’ dashboard to monitor and manage security tools and incidences is an ideal to be pursued. Disparate, overlapping, redundant and diverse tools contribute to mental overload and burnout, as they mean that human brains are doing work that machines should be doing.
- Smarter tools. In addition to simpler interfaces and more elegant toolsets easing mental burdens, artificial intelligence can offload work as well.
- Real breaks. One impulse is to tell staff feeling burnout to take an extra day off or take a vacation. And while this might help, some creative suggestions for that vacation might help even more. For example: to encourage staff to unplug completely during time off, or not look at any work messages.
- Boundaries. One source of burnout is an erosion of the wall between work and life. Establish a culture where when staff are off, they’re really off, and not half working all the time. Part of this is psychological. It’s important, for example, to wear different clothing at work, to work in a different place (difficult for remote workers, but still needed to prevent remote work burnout) and to use the transition between work and home to mentally reset. Establish the norm of context-setting and compartmentalization. Work is work. Life is life. And the two shouldn’t mix.
- Professional help. Make sure staff have access to mental health workers, so they can talk through their feelings of burnout and come to terms with it, and also learn coping skills.
- Training. Staff awareness efforts should offer coping skills as part of cybersecurity training for preventing burnout. This could include total engagement in leisure like movies, concerts and books, as well as meditation, yoga and breathing exercises.
Burnout among cybersecurity experts is a huge problem for staff, and a serious problem for security. It’s time to get ahead of this growing issue and tackle it head-on.