Burnout and fatigue directly contribute towards cyber security breaches

Could there be a correlation between workplace wellbeing and data protection? A new report highlights that this may be the case.

Burnout, anxiety, fatigue and neglect are just some of the descriptors used in the recent Sopho’s The Future of Cybersecurity report to explain the turmoil that a number of IT professionals are going through to minimise security breaches.

Cyber security burnout

Cyber security burnout is a real thing, and it is affecting 86 per cent of cyber security and IT professionals across the industry.

A concerted effort has been put towards protecting and safeguarding cyber security across the country, with the government pushing for Australia to be “the most cyber secure nation by 2030”, pledging $600 million towards implementing new cyber protection strategies.

This big focus, however, is not panning out how they had planned, with boards remaining uneducated on cyber security issues and failing to respond appropriately to these cyber attacks and breaches. This lack of education and direction is adding pressure to IT professionals whose performance is struggling to keep up with the demand.

“At a time when organisations are struggling with cyber security skills shortages and an increasingly complex cyber attack environment, employee stability and performance are critical for providing a solid defence for the business,” said Aaron Bugal, field chief technology officer at Sophos.

Reasons causing the burnouts

The cause cannot be pinpointed to a singular reason; in fact, the report states that a range of causes intertwine to create this burnout that IT professionals and cyber security personnel are reeling from.

1. A lack of resources available to support cyber security activities.
2. The routine aspects of the role, which create a feeling of monotony.
3. An increased level of pressure from the board and/or executive management.
4. Persistent alert overload from tools and systems.
5. Increase in threat activity and the adoption of new technologies that foster a more challenging, always-on environment.

Each of these issues impacts the performance of an industry that, in 2024, is vital to protecting the efficiency of a vast majority of businesses across Australia. Lack of resources, overload and added pressure from administrative bodies directly clash with the grandiose slogan of “the most cyber secure nation by 2030”, and the impacts of these shortcomings are already proving to be extremely damaging.

Impacts on cyber security

The cause of these burnouts has been explained, but the effect highlights a haunting proposition of what the future may hold if these issues are not attended to.

Forty-three per cent of cyber security personnel feel they are not diligent in their performance due to burnout. Twenty-nine per cent experience detachment and cynicism towards their roles and responsibilities. Nine per cent have experienced feelings of guilt, believing they cannot do more in their role to support cyber security activities.

However, the most alarming notion in this report is that 19 per cent of cyber security and IT professionals have identified that cyber security burnout or fatigue contributed to or was directly responsible for a cyber security breach.

“Burnout and fatigue are undermining these areas, and organisations need to step up to provide the right support to employees, especially when, according to our research, 19 per cent of Australian respondents identified that cyber security burnout or fatigue contributed to, or was directly responsible for, a cyber security breach,” said Mr Bugal.

The fallout

Along with the cause of breaches, 17 per cent of companies experienced much slower response times to impactful cyber security incidents, which is resulting in businesses experiencing a productivity loss of 3.8 hours a week between cyber security and IT professionals.

The final nail in the coffin of this debacle is that a number of cyber security and IT professionals are resigning and moving on, attributing stress and, of course, burnout as the main causes. Over 23 per cent of companies are experiencing these resignations, and if strategies are not implemented to combat these issues, we could very well see that number rise.