Vectra AI, a leader in threat detection and response, has released a new Security Workforce report highlighting how mounting pressure on security professionals is creating a health crisis in cybersecurity.
According to findings in the report – Breaking Point: Is mounting pressure creating a ticking time bomb for a health crisis in security – two out of five respondents said they had to seek help because of the impact of work-related stress- including migraines, panic attacks, or high blood pressure. The surmounting effects of stress IT and security experts are facing pushes many to reconsider their careers. Half reported feeling burnt out and ready to throw in the towel.
The survey of 200 UK IT security decision-makers found almost all security leaders (94%) felt increased pressure to keep their company safe from cyberattacks in the past year. Furthermore, one in three have suffered a major security incident over the past 12 months-often resulting in finger-pointing, long hours and damage to team morale, with one in five saying the incident caused their mental health to decline severely.
The data suggests that this is part of a broader problem, with several security pros becoming over-whelmed and at risk of more severe mental and physical health issues:
- 51% of respondents experienced negative emotions such as depression, anger, or anxiety due to feeling overwhelmed by work.
- 56% have had sleepless nights worrying about work.
- 42% have dreaded going into work and have called in sick because they couldn’t face working.
Steve Cottrell, EMEA CTO at Vectra AI, said: “These stats should be a wake-up call. Security teams and their leaders need support to shift away from the constant cycle of over-working and anxiety. Security leaders shouldn’t always be the ones to feel the blame when something goes wrong. In most cases, CISOs will have requested budget, assets and changes that weren’t signed off – so they must be ready to remind the board that security is a shared responsibility. After all, we are all on the same team. With an improved focus on workforce wellbeing, increased investment, better training and the right tooling, we can start turning the tide.”
When looking at outside factors influencing the wellbeing of cybersecurity teams, it is evident that skills shortages are taking their toll. The report finds that two-thirds (67%) of respondents say they don’t have enough talent on their team, with almost one-in-five (17%) saying it feels like each person is doing the workload of three. The results also show an environment where security leaders are working more hours than ever but still cannot cover their workload, living in constant fire-fighting mode.
Changing IT environments and evolving threats are also layering in complexity to the role, with respondents citing rising concerns about ransomware or cyberattacks within their supply chain that could hurt their organisation and some claiming that the issue has given them sleepless nights.
Lack of visibility is also a contributing factor, 92% of respondents said they’ve been worried about their ability to spot legitimate threats amidst a growing volume of security alerts and the vast majority said they’d had concerns that cloud adoption was adding to IT complexity and mounting cyber-risk.
Steve Cottrell, EMEA CTO at Vectra AI, said: “Often anxiety comes when we are facing a problem, we don’t have clarity on. That’s life in security, where environments are complex and attackers frequently change their approach. Today, every aspect of the enterprise – physical and virtual – is under attack; down to the very code we build with, as seen with Log4j. This is where having a threat-led approach to security can be useful. By having a view of the top threats that are likely to impact your business, you can prioritise investments that will help build resiliency to those specific risks, allowing you to prevent, detect, respond and recover in a more effective way. Also, by investing in automation, you can lead a cultural change where everyone is a security professional, helping to spread the load.”