Cybersecurity demands skill and experience. But it also calls for an engaged, motivated and energetic team. And that’s why tech burnout among staff is not only a mental health problem for the employees, it’s also a cybersecurity vulnerability for their employer.

What Is Burnout, Anyway? 

The word ‘burnout’ was first used by psychologist Herbert Freudenberger in 1974. He defined it as a point of mental and physical exhaustion that results from sustained stress.

We all feel stress at work and in our lives. Sometimes we feel stress daily. But after a stressful day, we can go home, relax, forget about work, get a good night’s sleep and feel renewed. That’s not burnout. The problem with burnout is when the stress is sustained and leaves us exhausted. Burnout makes us less productive because in that exhausted state we’re not functioning at our best.

Since Freudenberger’s time, the scope of what we mean by burnout has expanded. Burnout can create a feeling of hopelessness about work, trouble sleeping, withdrawal, aggression, anxiety and more. Burnout goes beyond exhaustion, too. It can affect your mindset. Feelings of cynicism, despair, contempt for others and feeling ineffectual can dominate your thinking.

Where Does Tech Burnout Come From?

Burnout is not a mental illness. But it is a mental health issue. Some 89% of employees surveyed by Korn Ferry in all fields say burnout is a problem, with 38% saying they, themselves, are feeling burnout.

While tech burnout can be a problem for all tech-related staff, burnout is a special problem for cybersecurity workers.

Beyond being overworked and under-resourced, tech burnout can come from a sense that one’s concerns are being dismissed by leadership. The rejection of resources, such as requested staff or tools, leads to burnout when the burden for lacking those resources is felt by the staffers who argued for them.

In other words, that sense of futility, isolation and lack of control is heightened when requests for help are rejected, leaving staff to save the company without the resources they need to do so.

Breaches in security can also trigger burnout. The entire staff works hard to prevent an incident. And when they do occur, a sense of futility and discouragement can arise.

And, of course, burnout leads to errors, both in action and in judgment. Cybersecurity calls on all staff to have full attention and tackle potential threats and problems with great energy and creativity. So, burnout directly impacts the safety of your networks.

Compounding the problem is that burnout encourages top staff to quit. A different survey discovered that around 70% would quit to work at a place with better resources for coping with burnout. When the department is bleeding talent, the resulting understaffing compounds the existing professional shortage and drives even higher rates of burnout among the remaining staff.

Burnout Prevention in the Workplace

While burnout got worse during the pandemic, it will continue to be a challenge in the future. Here are burnout prevention steps you can take to avoid the worst effects among cybersecurity staff:

  • Leadership. Addressing burnout starts at the top. It’s vital for managers, team leaders, department heads and the C-suite to tackle this problem.
  • Simpler tools. The long sought-after ‘single pane of glass’ dashboard to monitor and manage security tools and incidences is an ideal to be pursued. Disparate, overlapping, redundant and diverse tools contribute to mental overload and burnout, as they mean that human brains are doing work that machines should be doing.
  • Smarter tools. In addition to simpler interfaces and more elegant toolsets easing mental burdens, artificial intelligence can offload work as well.
  • Real breaks. One impulse is to tell staff feeling burnout to take an extra day off or take a vacation. And while this might help, some creative suggestions for that vacation might help even more. For example: to encourage staff to unplug completely during time off, or not look at any work messages.
  • Boundaries. One source of burnout is an erosion of the wall between work and life. Establish a culture where when staff are off, they’re really off, and not half working all the time. Part of this is psychological. It’s important, for example, to wear different clothing at work, to work in a different place (difficult for remote workers, but still needed to prevent remote work burnout) and to use the transition between work and home to mentally reset. Establish the norm of context-setting and compartmentalization. Work is work. Life is life. And the two shouldn’t mix.
  • Professional help. Make sure staff have access to mental health workers, so they can talk through their feelings of burnout and come to terms with it, and also learn coping skills.
  • Training. Staff awareness efforts should offer coping skills as part of cybersecurity training for preventing burnout. This could include total engagement in leisure like movies, concerts and books, as well as meditation, yoga and breathing exercises.

Burnout among cybersecurity experts is a huge problem for staff, and a serious problem for security. It’s time to get ahead of this growing issue and tackle it head-on.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…