New VMware research highlights cybersecurity staff burnout concerns

A VMware report has revealed concerns that many security professionals are struggling with increased stress as a result of the impact of the lockdown, a view corroborated by a leading industry body.

VMware’s seventh annual Global Incident Response Threat Report identified a significant rise in cyber threats, with hackers deploying advanced techniques to deliver more targeted and sophisticated attacks, at the same time as the move to remote working made processes harder to manage and data more difficult to secure.

One of the major impacts of this is on the health and well-being of the security teams tasked with protecting their organisations against the rising threats. The research found that security professionals are struggling to counter the range of complex attacks, compounded by new environments such as the cloud and containers. The result is that many are grappling with health concerns and heightened job expectations, with 51% experiencing extreme stress or burnout over the past year.

And the knock-on effects are particularly concerning, with 67% of those who experienced stress having to take time off work because of it, while 65% have considered leaving their jobs altogether.

The above views from VMware’s research have been reinforced by the findings in a report from the influential Chartered Institute of Information Security (CIISec). The 2020/21 State of the Profession report polled 557 security professionals and found that 80% claimed to have been more anxious and stressed out during the pandemic.

This was partly due to overwork, with the study revealing that whilst security professionals were working 42.5 hours per week on average, some were actually putting in around 90 hours per week due to the pressures they faced.

The pandemic has also shone the spotlight on training and career progression. For example, a frequently cited challenge in the report was the fact that the forced cancellation of education events, including training sessions, had widened the skills gap in the sector.

And the lack of career progression and opportunity for development and growth was also a concern for some, perhaps reinforcing the uncertainty of the pandemic and the lack of career planning in security teams.

What can be done to address these very real concerns and reduce the levels of stress felt by many security professionals? Rick McElroy, principal cybersecurity strategist at VMware   recommended a number of proactive measures to ensure that cybersecurity teams are not only productive, but healthy and able to withstand the stress of the job. These ranged from: “ one-on-ones to hear team members out, to encouraging them to take leadership and professional development courses, to adopting non-standard activities such as walking meetings and mindfulness training”.

He added “On the technical side, give your team the time to operationalise a piece of technology before implementing a new one, offer real breaks and consider rotations of work that assure individuals their careers are progressing.”

Amanda Finch, CEO of CIISec, elaborated further on the issue of career progression, saying: “It’s clear the industry needs to do more to highlight the available opportunities and what skill sets and knowledge security professionals need to move to the next level on their chosen career path”.