Cyber Security Staff Burnout Costs Firms $600m A Year

Uploaded on 2024-06-25 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

Cybersecurity professionals say that work-related stress, fatigue, and burnout are making them less productive, including taking extended sick leave, costing US enterprises almost $626 million and UK enterprises almost £130 million in lost productivity every year.

That’s according to a new study, “Building a firewall against cybersecurity burnout”, recently released  by Hack The Box.

British and US enterprises may be throwing away hundreds of millions because of productivity losses due to burned-out cyber security staff, according to Hack The Box. The skills specialist calculated the sum by first working out the average daily wage for cyber security professionals, using Infosecurity Institute figures. It then used its own stats revealing the average number of sick days taken per year per worker (3.4) and average number of days lost to poor productivity (5.1), assuming an eight-hour working day. These figures were then extrapolated out according to the number of cyber security professionals in the US and UK, and total number of days lost.

According to Hack The Box. UK employers may be losing a combined $130m annually, while their US counterparts could be down by as much as $626m due to lost productivity.

The research pointed the blame squarely at employee burnout. It claimed 84% of responding cyber security professionals are experiencing stress, fatigue and burnout due to the rapid pace of technological change, mounting threat volumes and being forced to perform outside their skillset. It added that three-quarters (74%) have taken time off due to work-related mental well-being problems.

Interestingly, 90% of CISOs globally said they are concerned about the impact of stress, fatigue and burnout on their security team’s well-being, versus just 47% of CEOs. 

“What we’ve discovered shows just how difficult the job is and that there is a significant gap of understanding between the board and the professionals,” said Haris Pylarinos, CEO at Hack The Box. “We’re calling for business leaders to work more closely with cyber security professionals to make mental well-being a priority and actually provide the solutions they need to succeed. It’s not just the right thing to do, it makes business sense.”

Commenting on this, Jamie Ahktar, Co-Founder and CEO at CyberSmart said "Hack the Box’s study echoes the findings of our report on SMEs and the cost of living crisis from 2023. Whether through stress or overwork, employee burnout poses a security risk for all businesses."

Tired, stressed staff are far more likely to make security mistakes that lead to breaches or even develop a negative view of their employer and turn to malicious acts.

“So how do we counter this? In the long term, we need to put time and investment into the next generation of cyber security professionals, not least by presenting it as an exciting and fulfilling career opportunity for young people... we need to do two things: upskill the existing workforce with basic cyber skills and automate those elements of security that can be performed without intensive human intervention." Ahtar said.

Hack the Box   |    Infosecurity Magazine   |    Cybersmart   |    CIISEC

Image: Andrea Piacquadio

You Might Also Read: 

Under Pressure - Can CISOs Avoid Burnout?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« AI & Cloud Are At The Intersection Of Cyber Security
How To Effectively Detect & Prevent SAP Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Fortify Experts

Fortify Experts

Fortify Experts is a search and recruitment firm specializing in Cyber Security.

Spherical Defense

Spherical Defense

Spherical Defense offers an alternative approach to WAFs and first generation API security tools.

Secure Soft

Secure Soft

Secure Soft are experts in Computer and Information Security with a presence in Peru, Colombia and Ecuador.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Emirates International Accreditation Center (EIAC)

Emirates International Accreditation Center (EIAC)

EIACI is the national accreditation body for the United Arab Emirates. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

Augusta HiTech

Augusta HiTech

Augusta Hitech is a focused product development, software services and technology consulting company. Our Vision is to become the most socially impactful and innovative technology company in the world

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Parameter Security

Parameter Security

Parameter Security is a provider of ethical hacking and information security services.

Nitrokey

Nitrokey

Nitrokey is the world-leading company in open source security hardware. Nitrokey develops IT security hardware for data encryption, key management and user authentication.

BaaSid

BaaSid

BaaSid is next generation security technology for data security & security authentication based on De-centralized & Blockchain.

BigBear.ai

BigBear.ai

BigBear.ai delivers high-end analytics capabilities across the data and digital spectrum to deliver information superiority and decision support.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

DeltaSpike

DeltaSpike

DeltaSpike empowers individuals and organizations worldwide through its comprehensive cybersecurity solutions.

JustunSecure

JustunSecure

JustunSecure is dedicated to promoting information technology and cybersecurity in Africa.