Cybersecurity burnout due to stress, fatigue and mental health is costing hundreds of millions in lost productivity

Stressed worker
(Image credit: Shutterstock)

It’s no secret that cybersecurity professionals are facing the squeeze, with many being hospitalized in the aftermath of ransomware attacks.

But a new report by Hack The Box has found US enterprises are missing out on close to $626 million in lost productivity due to security pros feeling the squeeze on their mental health.

In the UK, the issue is just as prevalent, with £130 million in lost productivity. Threat actors are assembling an ever growing list of tools to use against businesses, prompting organizations to seek out the best the security world has to offer to pit them against new and emerging threats, often to the detriment of their physical and mental wellbeing.

Stress, fatigue and burnout

Mental fatigue, stress and burnout is running rampant, affecting 84% of workers within the cybersecurity industry, the report added.

Combine with this the skills shortage facing the industry, and its no wonder that the job is having such a heavy toll on workers' health. Across the globe, 74% of security pros have taken time off of work due to work-related reductions in their mental health, with the average worker taking almost three and a half sick days per year, resulting in a loss of $626 million for medium and large enterprises in the US.

If this trend continues, it will only compound with current shortages facing the security industry. Nine in ten CISOs are worried that their workforce is under threat by the stress of the job, unstable working hours, and worrying about threats and attacks during their downtime.

With many businesses struggling to fill positions, workers are facing additional pressure to deliver on key tasks and projects, with 89% stating that their workload was too heavy, and 66% burning out as a result of having to perform outside of their skillset.

Businesses are failing to address these issues, contributing further to the stressors faced by security workers, with less than half (44%) of businesses hiring temporary staff to address shortages and cover for permanent staff who have gone off sick. And while over three out of five (62%) workers are pushing for businesses to offer “opportunities to learn new skills” as a way to battle the mental health crisis facing the industry, less than half (47%) of businesses are providing upskilling platforms to their employees.

African Business Team Working On Computer. Software App Development

(Image credit: Shutterstock / Andrey_Popov)

“Cybersecurity professionals are at the forefront of a battle they know they are going to lose at some point, it is just a matter of time. It’s a challenging industry and businesses need to recognize that without motivation, cybersecurity professionals won’t be at the top of their game,” said Haris Pylarinos, Founder and CEO at Hack The Box.

“We’ve worked with both cybersecurity and business leaders to understand the challenges the industry faces. What we’ve discovered shows just how difficult the job is and that there is a significant gap of understanding between the board and the professionals,” Pylarinos continued.

“We’re calling for business leaders to work more closely with cybersecurity professionals to make mental well-being a priority and actually provide the solutions they need to succeed. It’s not just the right thing to do, it makes business sense.” 

“We know we have a part to play too in making the industry better. As part of our Cyber Performance Center, we see the solution to bridging that gap as an investment in people’s careers, development, and well-being, which results in a better security posture and improved alignment of cybersecurity with business objectives,” Pylarinos concluded.

There is some good news however, with my industry experts stating that AI tools could help reduce the levels of burnout by taking over the monotonous and repetitive work, allowing cyber professionals to focus on the critical tasks and reducing fatigue. However, ensuring that the AI tools are integrated into the workplace in the right way to focus on the right tasks is essential, as a poorly integrated system can present more risk than reward.

Hack The Box recommends that businesses should focus on creating comprehensive professional development plans and clear career paths for their employees to pursue, alongside opportunities to develop and practice new skills through tabletop exercises, simulations and cutting edge technologies.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focussing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.