Cybersecurity professionals are feeling stressed and struggling to keep up with their workload, and about half are thinking of quitting as many succumb to burnout, according to a study released today by industry analyst Cobalt.
“Business as usual is not usual, and perhaps may never go back to pre-pandemic expectations,” is the report’s verdict on the post-COVID state of the infosecurity sector. But it would appear that it isn’t the virus that is making workers ill – rather, it’s their jobs.
That is having serious repercussions on the cyber landscape, with nearly all of the 600 workers surveyed by Cobalt saying they were struggling to recruit more staff. Two-thirds said that they were unable to maintain effective cybersecurity overall, while eight in ten could not consistently monitor their defenses for vulnerabilities.
With 54% of cybersecurity professionals saying they are thinking of quitting and six in ten reporting burnout or other mental health problems, this gap in companies’ cyber defenses seems unlikely to be plugged any time soon.
Perhaps most shockingly, two-thirds of employees even said the stresses of their job had caused them to develop physical health problems.
“Talent shortages have a tangible impact on security programs,” said Cobalt. “As colleagues leave and roles stay open, teams are struggling to maintain security standards, particularly around compliance and supporting secure development. Vulnerabilities are more likely to slip past undetected, and teams are concerned they’re not ready to respond to an attack. Their biggest concerns are social engineering and third-party software exposure.”
Bigger not better
Cobalt found that on average it took companies a fortnight to fix a cyber vulnerability. However, when it dug deeper into this data, it found that smaller firms – of fifty or fewer employees – were the fastest to plug security gaps, despite having no dedicated cybersecurity team. The largest firms with more than 1,500 staff took the longest, three weeks on average, even though such enterprises typically boast more than ten cybersecurity professionals on their payrolls.
“Our assumptions are that smaller companies might be more nimble, with smaller attack surfaces and fewer processes to follow,” said Cobalt. “They are often born in the cloud, practice agile processes, and smaller teams face greater scrutiny and individual accountability than their enterprise [big company] counterparts.”
Cobalt warns that the malaise being experienced by cybersecurity workers could leave their firms exposed to a breach of the magnitude of last year’s Colonial Pipeline attack, which saw the Texas-based oil and gas supplier pay $4.4 million to Russian-backed ransomware gang DarkSide.
Jay Paz of Cobalt urged companies to take steps to rectify problems causing poor health among overworked staff. “To address systemic burnout, organizations should take stock of their go-to-market priorities [and balance these] against employees’ capacity,” he said. “They must take a hard look at what is causing burnout and disillusionment, and make changes that put their people first.”
Cobalt gathered the data after it analyzed the results of more than 2,000 penetration tests – in which white-hat, or authorized, hackers conduct cyberattacks on a company to assess its defenses.