close
close

New technologies and regulations are exacerbating the reality of cybersecurity burnout

Posted on by darion

Considerations on the impact of burnout on employees and identifying its signs and support.

Mental health and burnout should be treated as a business issue and part of resilience.

In a panel discussion at the With Secure “Sphere” conference, Mental Health in Cybersecurity (MHinCS) chair Sarb Sembhi said companies should consider how to support employees on “how they work, how they eat, how they engage and what is it all about? what you can and should do to take care of each other.”

Sembhi, however, said companies often view mental health and burnout as just an issue for HR to address, but it’s only an HR issue, “if you’re not in cybersecurity, but if you’re in cybersecurity, it’s a cyber resilience issue.” “

He said: “If an enterprise believes in true cyber resilience, it must help make all of you more resilient.”

Too much pressure

In a discussion led by conference chair Marcus John Henry Brown, Noora Hammar, director of safety assurance at Volvo Group, shared a time when she felt burned out while managing both a product development and a digitalization project.

“I was at a point in my career where I wanted to grow and be successful, and I thought if I said that no one would think I was difficult,” she said. “So I ended up burning out because the level of expectation on me was too high, there was too much pressure.”

Claiming that she felt the pressure of stress in her personal and professional life, she raised the issue with her manager, who did not understand the problem, so she was left to raise the issue with colleagues who “visualized how much time was spent on the product, what responsibility for each product and how much would be on the backlog because I am unable to deal with them myself.” Showing this to the manager made him realize how much pressure she was under and reduced her workload.

Sembhi admitted that it is not a topic that is discussed and “people go through it themselves and think that what is happening to them is unusual and the norm, but it is inappropriate.”

Great Expectations

Sembhi said that 20 years ago we had one standard – BSI 7799 – and since then we have had more regulations, more compliance, more attacks and more breaches, and “transformational technologies” that need to be secured, and that increases the workload. “And yet we’re taking this on because we think it’s the right thing to do and I think it’s very common, and we just don’t talk about it,” he said.

In recommendations on how to deal with this, the panel recommended scheduling shorter conference calls to allow time for breaks, encourage peer support and collaboration, and establish rules for better work balance.

Scenario

Dan Raywood
Editor
SC Media in the UK

Dan Raywood is an experienced B2B journalist with over 20 years of experience, specializing in cybersecurity for 15 years. He has extensively covered topics ranging from advanced persistent threats and nation-state hackers to major data breaches and regulatory changes. Outside of work, Dan enjoys supporting Tottenham Hotspur, caring for mischievous cats and tasting craft beers.