Cyber Security Staff Burnout Costs Firms $600m A Year

Cybersecurity professionals say that work-related stress, fatigue, and burnout are making them less productive, including through extended sick leave, costing US enterprises almost $626 million and UK enterprises almost £130 million in lost productivity every year.

That’s according to a new study, “Building a firewall against cybersecurity burnout”, recently released by Hack The Box.

British and US enterprises may be throwing away hundreds of millions because of productivity losses due to burned-out cyber security staff, according to Hack The Box. The skills specialist calculated the sum by first working out the average daily wage for cyber security professionals, using Infosecurity Institute figures. It then used its own stats revealing the average number of sick days taken per year per worker (3.4) and average number of days lost to poor productivity (5.1), assuming an eight-hour working day. These figures were then extrapolated out according to the number of cyber security professionals in the US and UK, and total number of days lost.

According to Hack The Box, UK employers may be losing a combined $130m annually, while their US counterparts could be down by as much as $626m due to lost productivity.

The research pointed the blame squarely at employee burnout. It claimed 84% of responding cyber security professionals are experiencing stress, fatigue and burnout due to the rapid pace of technological change, mounting threat volumes and being forced to perform outside their skillset. It added that three-quarters (74%) have taken time off due to work-related mental well-being problems.

Interestingly, 90% of CISOs globally said they are concerned about the impact of stress, fatigue and burnout on their security team’s well-being, versus just 47% of CEOs. 

“What we’ve discovered shows just how difficult the job is and that there is a significant gap of understanding between the board and the professionals,” said Haris Pylarinos, CEO at Hack The Box. “We’re calling for business leaders to work more closely with cyber security professionals to make mental well-being a priority and actually provide the solutions they need to succeed. It’s not just the right thing to do, it makes business sense.”

Commenting on this, Jamie Akhtar, Co-Founder and CEO at CyberSmart, said, "Hack the Box’s study echoes the findings of our report on SMEs and the cost of living crisis from 2023. Whether through stress or overwork, employee burnout poses a security risk for all businesses."

Tired, stressed staff are far more likely to make security mistakes that lead to breaches or even develop a negative view of their employer and turn to malicious acts.

“So how do we counter this? In the long term, we need to put time and investment into the next generation of cyber security professionals, not least by presenting it as an exciting and fulfilling career opportunity for young people... we need to do two things: upskill the existing workforce with basic cyber skills and automate those elements of security that can be performed without intensive human intervention,” Akhtar said.

Hack the Box   |    Infosecurity Magazine   |    Cybersmart   |    CIISEC

Image: Andrea Piacquadio
