Navigating Fatigue in Cybersecurity: A Growing Concern

Navigating Fatigue in Cybersecurity: A Growing Concern Image 1
Navigating Fatigue in Cybersecurity: A Growing Concern Image 2

The fast-tracked evolution of the cybersecurity threat environment over the past few years has created many challenges. The cyber professionals trying to keep up pace have had to bear the brunt of the constant cat and mouse game of data breaches, leading to industry wide fatigue and burnout. 

According to a report by Sophos on the Future of Cybersecurity in Asia Pacific (2024), 85% of companies stated they experience fatigue and burnout among their cybersecurity and IT professionals, almost 1-in-4 (23%) experience this issue ‘frequently’, and 62% ‘occasionally. Concerning statistics for a growing industry. When you factor in the industry's skills shortage, it's no surprise that the job is taking a significant toll on workers' mental and physical health.

So what are the causes behind the fatigue?

The extensive industry research by the Sophos report discovered the following as the top 5 causes of fatigue for cyber security workers:

  1. A lack of available resources to support cyber security activities.
  2. The routine aspects of the role, which create a feeling of monotony.
  3. An increased level of pressure from the board and/or executive management.
  4. Persistent alert overload from tools and systems.
  5. Increase in threat activity and the adoption of new technologies that foster a more challenging, 'always-on' environment.

What are the effects of fatigue on the industry?

Financial impact

The financial cost cannot be understated, ‘Hack the Box’ has uncovered that cybersecurity burnout costs US enterprises over $626 million annually and UK enterprises over £130 million annually.

Sick workers 

According to the same findings, 74% of cybersecurity professionals say that they have taken time off due to ‘work-related mental well-being problems’, with staff reporting taking an average of 3.4 sick days per year due to work-related mental well-being problems.

More security problems

The problem with fatigue in an industry that’s so dependent on workers being detail oriented and alert is that the issue can become its own self-fulfilling prophecy. Many cyber security professionals have identified in the above reports that fatigue has contributed to or was directly responsible for a cyber security breach. 

What are some things that we can do to curb the growing concern of fatigue?

Prioritise employee wellbeing

Organisations should foster open communication around stress, workload, and mental health, while offering resources and support to employees. Creating an environment where staff feel valued and safe to discuss challenges encourages them to seek help when necessary, not to mention encouraging time off and work-life balance.

Leverage Automation

Implementing automation and seeing how tools like AI can help, can ease the burden of repetitive tasks on staff. Automating more mundane work like checks and test and harnessing machine learning, can help to reduce burn-out.

Provide upskilling and development opportunities

Companies can offer opportunities for upskilling, cross-training, and mentorship. Keeping staff current with the latest tools and practices not only promotes growth but also helps alleviate the stress caused by skill gaps.

If you’d like any information about how to hire cyber security talent of all levels for your organisation, get in touch with the Decipher Bureau team. With offices across Brisbane, Sydney, Melbourne and Canberra - and an experienced team around the world, we’d love to help you out.

Find out more about current employment and hiring trends by registering for the 2024/25 Salary Guide here.