New research from threat detection specialist Vectra reveals very worrying rise of health and mental pressures on security professionals
New research from threat detection specialist Vectra has revealed how the skills shortage, coupled with increasing number of differing cyber threats, is ramping up the pressure on cybersecurity professionals.
Indeed, so serious are the pressures at the moment on security professions, that 50 percent of security leaders report they are ready to throw in the towel.
This and other findings were revealed in Vectra’s report entitled “Breaking Point: Is mounting pressure creating a ticking time bomb for a health crisis in security.”
The Vectra report surveyed 200 IT security decision-makers and worryingly, the findings unearthed that security professionals are becoming increasingly vulnerable to severe mental and physical health issues.
Indeed, the report found that nearly all (94 percent) of security leaders felt increased pressure to keep their company safe from cyber-attacks in the past year.
Indeed, two out of five security professionals said they had to seek help because of the impact of work-related stress – including migraines, panic attacks, or high blood pressure.
The surmounting effects of stress IT and security experts are facing pushes many to reconsider their careers. Half reported feeling burnt out and ready to throw in the towel.
And the reason is clear, with cyberattacks continuing to increase, placing more pressure on cybersecurity professionals. Indeed, one in three respondents confirmed they had suffered a major security incident over the past twelve months – often resulting in finger-pointing, long hours, and damage to team morale.
This has resulted in one in five saying the incident caused their mental health to decline severely.
According to Vectra, the data suggests that this is part of a broader problem, with several security pros becoming over-whelmed and at risk of more severe mental and physical health issues:
- 51 percent of respondents experienced negative emotions such as depression, anger, or anxiety due to feeling overwhelmed by work;
- 56 percent have had sleepless nights worrying about work;
- 42 percent have dreaded going into work and have called in sick because they couldn’t face working.
“These stats should be a wake-up call. Security teams and their leaders need support to shift away from the constant cycle of over-working and anxiety,” noted Steve Cottrell, EMEA CTO at Vectra AI.
“Security leaders shouldn’t always be the ones to feel the blame when something goes wrong,” said Cottrell. “In most cases, CISOs will have requested budget, assets, and changes that weren’t signed off – so they must be ready to remind the board that security is a shared responsibility.”
“After all, we are all on the same team,” said Cottrell. “With an improved focus on workforce wellbeing, increased investment, better training, and the right tooling, we can start turning the tide.”
But what exactly is damaging the wellbeing of cybersecurity teams? Well it seems that one of the big problems is the skills shortages.
The Vectra report found that two-thirds (67 percent) of respondents say they don’t have enough talent on their team, with almost one-in-five (17 percent) saying it feels like each person is doing the workload of three.
This results in a workplace environment where security leaders are working more hours than ever but still cannot cover their workload, living in constant fire-fighting mode.
Research from Cloudreach last month backed this up, as it found that a clear majority of IT managers were very worried about the ongoing digital skills gap, which is hampering cloud transformations.
Meanwhile another issue identified by Vectra that is impacting cybersecurity professionals is the changing IT environments and evolving threats – both of which are adding complexity to the cyber role.
Indeed, respondents highlighted rising concerns about ransomware or cyberattacks within their supply chain that could hurt their organisation, and some respondents claim that the issue has given them sleepless nights.
And finally lack of visibility is also a contributing factor, with 92 percent of respondents saying they’ve been worried about their ability to spot legitimate threats amidst a growing volume of security alerts.
The vast majority of respondents said they’d had concerns that cloud adoption was adding to IT complexity and mounting cyber-risk.
“Often anxiety comes when we are facing a problem, we don’t have clarity on,” said Vectra’s CTO Cottrell. “That’s life in security, where environments are complex, and attackers frequently change their approach.”
“Today, every aspect of the enterprise – physical and virtual – is under attack; down to the very code we build with, as seen with Log4j,” said Cottrell. “This is where having a threat-led approach to security can be useful. By having a view of the top threats that are likely to impact your business, you can prioritise investments that will help build resiliency to those specific risks, allowing you to prevent, detect, respond and recover in a more effective way.”
“Also, by investing in automation, you can lead a cultural change where everyone is a security professional, helping to spread the load,” Cottrellconcluded.
Vectra provided the following helpful links for security professionals who are feeling pressured and struggling to stay afloat:
- Mind resources on combatting workplace stress;
- A report from the security industry association CREST on recognising signs of stress;
- The online Psybersecurity Clinic from Dr. Ryan Louie.