The roots of cyber stress: Cyber employees can feel pressure for a number of reasons. Many sense they have to maintain a constant state of vigilance to spot any phishing, ransomware and social engineering threats that come in. Many fear that one wrong click, by them or by a colleague, could compromise the company and put their job at risk. Others feel a sense of “compliance overload,” having to deal with repeated password changes, MFA steps and security awareness training.More than half of the respondents to the Object First survey said their heavy workloads and understaffed teams contributed the most stress, followed by concerns about cyberattacks and the pressure to maintain uptime and service availability. Nearly everybody (85%) experienced security-related stress at some level, while 31% said they face consistent stress at least once a week.This kind of sustained stress saps motivation, causes mental fatigue, triggers physical health issues and generally reduces workers’ sense of purpose to the point where it hurts their overall performance. Stressed, fatigued workers are more likely to make mistakes and put organizations at greater risk of breaches and security.Companies that prioritize employee wellbeing and mental health stand the best chance of solving this issue. Problem is, not everybody is doing so. According to the Object First survey, 50% of IT and security employees felt their companies aren’t doing enough to deal with the growing mental health crisis.CSOs certainly can’t solve the burnout issue alone. Companies need to make cybersecurity burnout a priority issue for their boards and for the C-suite as a whole. But CSOs and CIOs to have an important role to play. Here are some moves they can make to lower the pressure their staff are feeling.
Build a safe culture: Protecting an organization from cyber incidents is a scary process, and employees are facing constant fear that incidents will escalate and they’ll get blamed. CSOs should set up processes where escalation is encouraged and post-incident discussions focus on ways the whole team can improve. Celebrating early detection, and not just incident containment, will improve performance and lessen tensions.Reduce the noise: Burnout can often be caused by structural issues that are out of line: too much work, too little staffing, too much noise from unfiltered alerts, faulty systems and too much pressure from being on call. CSOs should review operations and practices to make sure staff aren’t overloaded with work or focused too heavily on reactive tasks.Provide resources: Stress can take a toll on mental health. While HR should take the lead in providing mental-health and resilience programs, CSOs should provide guidance and watch for signs that employees need individualized attention.Make sure team members feel “seen”: Recognition, in the form of awards or just shared discussions of work done well, can go a long way to reducing long-term, collective stress. Some CSOs set up regular 1:1 meetings or group sessions they encourage cyber workers to share examples of stressful situations on the job. When CSOs see employees heading toward burnout, nudging them to unplug and recharge can often lower stress to a manageable level.The cybersecurity mental health crisis is real. The pressure to be the last line of cyber defense is taking a serious toll on professionals’ mental health and job performance, and it’s time to provide them with more support. CSOs can send a powerful message that well-being isn’t optional, it’s essential for businesses to stay resilient in the face of more frequent, complex cyber threats.This article is published as part of the Foundry Expert Contributor Network.Want to join?
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4112130/stress-caused-by-cybersecurity-threats-is-taking-its-toll.html
