Addressing cybersecurity burnout
Generative AI evolution, digital decentralizing, supply chain interdependencies, regulatory change, endemic talent shortages and a constantly evolving threat landscape: these are the top cybersecurity trends, according to Gartner. None of those come as a surprise, but do we know how to handle them best?
Six trends impacting the CISO’s role
The following six trends will have broad impact in the changing digital world, Gartner says:
- GenAI driving data security programs
The rise of GenAI is transforming data security programmes, shifting focus to protect unstructured data — text, images and videos. This shift highlights evolving priorities that leaders must navigate as they communicate GenAI’s influence on their programs.
- Managing machine identities
Security and risk management (SRM) leaders are under pressure to build a strategy to implement robust machine identity and access management to protect against attacks. Increasing adoption of GenAI, cloud services, automation and DevOps practices, has led to the prolific use of machine accounts and credentials for physical devices and software workloads. If left uncontrolled and unmanaged, machine identities can significantly expand an organization's attack surface.
- Tactical AI
SRM leaders are facing mixed results with their AI implementations, leading them to reprioritize their initiatives and focus on narrower use cases with direct measurable impacts. These more tactical implementations align AI practices and tools with existing metrics, fit them into existing initiatives, and enhance visibility of the real value of AI investments.
- Cybersecurity technology optimization
With an average of 45 cybersecurity tools per organization, SRM leaders need to optimize their toolsets to build more efficient and effective security programs, aiming for a balance that procurement, security architects, security engineers, and other stakeholders are satisfied with to maintain the right security posture.
- Extending security behavior and culture program value
This trend is accelerating as organizations recognize that human behavior - both good and bad - is a crucial factor in cybersecurity. Consequently, culture and behavior-focused initiatives have emerged as key strategies for enhancing cyber-risk awareness and accountability, marking a strategic shift toward integrating security into the organizational culture.
- Addressing cybersecurity burnout
SRM leader and security team burnout is a key concern for an industry already impacted by a systemic skills shortage, according to Gartner. This pervasive stress stems from relentless demands associated with securing highly complex organizations in constantly changing threat, regulatory and business environments, with limited authority, executive support and resources.
Cybersecurity burnout
Gartner is not the first to highlight the worrying trend of cybersecurity burnout, as this is becoming a key concern for many organizations. The cybersecurity burnout crisis is reaching the breaking point, Forbes reported in October of last year. As organizations contend with increasingly sophisticated cyber threats - such as AI-driven attacks, ransomware, and data exfiltration - CISOs are facing longer work hours and tighter resource constraints.
A study from BlackFog revealed that nearly a quarter of CISOs and IT Security Decision Makers are actively considering leaving their roles, with 93% citing overwhelming stress as the key driver. This growing cybersecurity burnout crisis has a direct impact on organizations, and highlights the urgent need for businesses to better support their security teams, Forbes said.
Organizations must take action to address the cybersecurity burnout crisis before it undermines their ability to protect against the very threats they are working so hard to defend, Forbes said. And this goes beyond offering flexible hours or offering remote-working options: security leaders need increased budgets and resources. By investing additional resources, organizations can ease workload pressures, enabling CISOs to take a more strategic approach to cybersecurity.
“Building a supportive culture is equally important. Leadership teams must actively engage with their security leaders, not only to understand the challenges they face but to foster an environment where mental health and well-being are prioritized. Encouraging CISOs to take time off, disconnect from work when possible, and seek mental health support can reduce the long-term risk of burnout,” the article added.
