CISOs at risk? A relation between burnout and cyber threats
In the majority of companies, the IT and security departments are targeted most by cybercriminals. Combined with the fact that three-quarters of cybersecurity professionals in the Netherlands are suffering from burnout symptoms, this might indicate that cybercriminals are taking advantage of the growing mental load of CISOs and other cybersecurity professionals, according to SoSafe’s 2024 Human Risk Review.
Mental health
74% of cybersecurity professionals are dealing with burnout symptoms. Of that group, 49% have serious burnout complaints and 25% have moderate symptoms. But what contributes to the deteriorating mental health of these professionals?
According to the research, key factors include high workplace pressure, long and overtime working hours, excessive workloads, and increasing cyber risks. Those key risks include new technologies such as generative AI, geopolitical developments and shifts, and concerns about supply chain security.
Another contributing factor is a staff shortage in the sector. According to an ISC2 2023 Workforce Study, the cybersecurity sector is facing around 274,000 unfilled positions in the EU alone. Globally, there are around 3.9 million cybersecurity roles still unfilled and 29% more workers are needed to fill the gap.
Taking advantage
According to the report, criminals seem to seize this issue as an opportunity. 71% of the respondents in the research have indicated that their IT/security departments are the most targeted within their company. This percentage is significantly higher than for Finance, with 30%, or Sales, with 19%.
Burnout symptoms are not only a problem for people’s mental and physical health; they also pose significant risks to organizations, SoSafe adds. Increased stress and burnout often lead to mistakes, and professionals might also overlook potential risks more easily. In the research, 70% of IT security professionals acknowledged that burnout has led to mistakes in their department, resulting in security breaches.
Taking measures
Considering all the consequences, organizations are increasingly acknowledging the importance of taking measures to reduce the mental burden and workload on CISOs and cybersecurity professionals. They do so by actively involving senior executives and board members in cybersecurity governance and decision-making and by raising cybersecurity budgets. However, the report notes that while progress is being made, there is still a long way to go to fully address the pressures and challenges in the field.