Preventing cybersecurity employee burnout and churn: 6 tips for managers

June 30, 2020 by Christine McKenzie

Introduction

“Burnout” and “churn” are two words that probably send shivers down the spines of most cybersecurity managers. After all, employees who are “feeling the burn,” so to speak, abandon their current jobs at a much higher rate than happy employees. And with a cybersecurity skills shortage plaguing the hiring field, filling those empty seats may be easier said than done. 

But what exactly is cybersecurity burnout and what are some things managers can do to prevent it? Keep reading to learn what you can do to protect your cybersecurity staff from burnout and churn. 

What is cybersecurity burnout?

Burnout doesn’t have anything to do with fiery explosions. Instead, the word describes what happens when people are overworked and under-resourced. People suffering from burnout often feel exhausted, frustrated, helpless and jaded at work. They may dread coming into the office each day and are likely searching for another job (or at least considering it). Left unchecked, burnout can lead to serious issues like depression, insomnia, substance abuse and even heart disease. 

A startling report by Blind, a social media platform just for tech workers, revealed that 57% of its users are actively experiencing burnout. When over half the workforce in a given industry feels overworked, it’s safe to say that some serious soul-searching needs to be done by company leadership. 

When you can identify what’s causing burnout, you can come up with strategies to combat it. That leads to happier employees, higher retention rates and boosted productivity. It’s a win-win!

Why cybersecurity burnout is real 

We know that burnout is a widespread issue in cybersecurity, but what exactly is causing so many infosec pros to feel run down? Understanding the factors that cause your staff to feel burned out will put your company in a better position to ultimately alleviate stress and boost morale. 

According to the Bitdefender Hacked Off! report, some of the top causes of cybersecurity burnout include: 

  • Being under-staffed
  • Working with senior managers who don’t understand cybersecurity
  • Working with non-technical staff who don’t understand cybersecurity 

So, what are some things managers can do to address these stressors? Take a look at our top tips for keeping your infosec staff happy and safe from cybersecurity burnout.

6 tips to help prevent cybersecurity burnout

1. Training and support 

In an ever-changing field like information security, employees benefit from ongoing training to feel on top of the tools and technology essential to their jobs. Training, workshops and professional development opportunities will ensure your infosec staff are proficient with the latest technology and feel confident in their ability to stop cyberattacks in their tracks.

Cybersecurity professionals are also in a unique position thanks to the skills gap the industry is facing. At some organizations, especially smaller ones, your staff members may have to wear multiple hats and perform functions that are normally outside the scope of their job titles. This puts enormous pressure on those staff if they haven’t been fully trained and prepared. Instead of leaving them to sink or swim, ensure that they have the training resources and support they need to perform their full range of tasks seamlessly. 

Infosec pros aren’t the only employees who would benefit from training. According to the 2019 Hacked Off! report, 36% of infosec staff reported that they’re stressed out by general employees who don’t have a basic understanding of cybersecurity. With that number in mind, it’s safe to say that additional training benefits everyone. 

2. Workplace flexibility

Do you know what causes your cybersecurity staff to burn out? According to research by the Mayo Clinic, two of the top five causes go hand-in-hand: inadequate work-life balance and lots of overtime. You can see how one easily leads to the other! The vicious cycle of over-work leads to staff feeling stressed out and without enough free time to engage in stress-relieving activities. Let this cycle run long enough, and it turns into chronic cybersecurity burnout. 

Work-life imbalance can hit infosec staff especially hard. Oftentimes, cybersecurity staff may find themselves working long hours overnight and on weekends. Some jobs, like pentesting, might require staff to travel nationally for on-site threat simulations. Long hours and travel can quickly cause even your most resilient staff members to burn out.

One remedy for work-life imbalance is greater flexibility. Policies like work-from-home, increased paid time off and paid leave for new parents can help employees balance their workload with their personal lives more comfortably. It also gives them an opportunity for some much-needed rest and relaxation, so they come back refreshed and ready to work.

3. Encourage collaboration 

When someone feels overloaded with responsibility, they’re more likely to experience cybersecurity burnout. That’s why setting up a workplace built on collaboration can help break up tasks and responsibilities into manageable pieces. 

Lots of security and IT teams follow the traditional hub-and-spoke model, where a manager delegates tasks out to staff members who are then expected to complete them individually. However, alternative models that emphasize collaboration, like the full-mesh model, allow staff to team up to tackle projects and initiatives together. Not only does this result in quicker outcomes, but it also helps staff feel less isolated. 

Your company can also take this collaborative approach a step further by introducing SecOps. This popular model has been shown to enhance communication and integration between the security team and IT operations team. 

The beauty of SecOps is that it allows for potential security issues to be addressed before they become full-blown crisis situations, which greatly alleviates the pressure put on your security team. Instead of scrambling to put out fires, they’re working to make sure the system is fire-proof from the start. 

4. Rotate security roles 

Throughout history, the changing of the guard has been used to split up guard duties so some team members keep watch while others rest and recover. Although we’ve come a long way from scanning the horizon for barbarian raiders, the practice of rotating security roles is highly applicable to modern cybersecurity. 

When only one person is tasked with threat monitoring, it’s easy for them to become fatigued, burned out and less observant as time goes on. Rotating the task among staff members will give them a much-needed break. Plus, it ensures that a fresh pair of eyes is always scanning the digital horizon!

5. Prioritize self-care 

Cyber-vigilance is a round-the-clock endeavor, but that doesn’t mean your employees shouldn’t have opportunities to unplug and unwind. Team-building exercises and social events like happy hours can go a long way towards boosting morale and making your employees feel valued. Plus, it gives them a much-needed break from the relentless grind of monitoring networks and end-point devices. 

6. Keep workloads manageable 

Cybersecurity staff who feel overwhelmed by the sheer number of tasks on their plates are prone to quickly burning out. Instead of expecting staff to multi-task, managers can promote a culture of “mono-tasking,” which encourages staff to focus on one major task at a time. You can do this by setting short-term goals and clear expectations for how to accomplish those goals. This helps break larger projects into smaller, bite-sized pieces and streamlines each staff member’s workload.

Cybersecurity burnout isn’t inevitable 

Why is it so important that managers address burnout in cybersecurity? Because burned-out staff are much more likely to quit than their peers. And in a field facing an unprecedented skills shortage, you may not be able to fill that empty seat for a long time. In fact, a report by (ISC)² revealed that 63% of companies don't have enough cybersecurity staff, and 60% of companies think this skills shortage leaves them wide open for cyberattacks.

Implementing anti-burnout strategies will improve retention rates for your current infosec employees. Plus, if your department gains a reputation for having a positive work culture, you should have an easier time attracting new, competitive talent for future job openings. 

Our tips should help your company hit the reset button on cybersecurity burnout and foster a happy, healthy work environment for your staff. 

 

Sources 

  1. Cybersecurity Skills Shortage Soars, Nearing 3 Million, (ISC)²
  2. Close to 60 Percent of Surveyed Tech Workers Are Burnt Out—Credit Karma Tops the List for Most Employees Suffering From Burnout, Blind Workplace Insights
  3. Hacked Off!, Bitdefender
  4. Job burnout: How to spot it and take action, Mayo Clinic
Christine McKenzie

Christine McKenzie is a professional writer with a Master of Science in International Relations. She enjoys writing about career and professional development topics in the Information Security discipline. She has also produced academic research about the influence of disruptive Information and Communication Technologies on human rights in China. Previously, she was a university Career Advisor where she worked extensively with students in the Information Technology and Computer Programming fields.