Cybersecurity work meshes with leisure time and sleep cycles like socks on a cat. They don’t mix.
That sobering reality should be a concern to CISOs trying to wring more productivity from IT security teams dealing with the pressure cooker realities of shrinking budgets, more cyber threats and less resources.
A recent poll of cybersecurity professionals found a third (32%) of respondents said work disrupts their off-the-clock evening free time. Neither is there respite from bugs, patches and cyberattacks while security pros hit the beach for vacation with 90% of respondents confessing they juggle work email and Slack missives while trying to get away from work.
The sleepless in cybersecurity study was published Tuesday by threat intel firm Centripetal, who polled 200 cybersecurity professionals at a September security conference, as well as other events in the UK and Ireland.
Why breaches and beaches don’t mix
“It’s important that cybersecurity teams foster a culture where employees are able to switch off without feeling guilty or under pressure,” wrote Jess Parnell, chief information security officer at Centripetal, in a blog post.
The importance of unplugging from the always-on security culture is multifaceted. First off, a work-life balance is table stakes when it comes to reducing stress, improving emotional states and increase overall employee productivity and job satisfaction.
High staff churn rates, work-related stress and sleep deprived frontline cybersecurity defenders are often compromised, reducing their ability to be the best they can be on the job and put their entire organization at risk.
“The fact that so many employees find that their cybersecurity jobs regularly interfere with their personal lives implies a crisis of work-life balance in our industry,” Parnell wrote.
Time and again, postmortems on cybersecurity incidents correlate stress and burnout of security teams with them being less productive and more prone to mistakes. Improved workplace mental health conversely leads to better job performance (better security) and head off cybersecurity talent flight.
Workplace stress: The hidden threat
Centripetal said 100% of security professionals surveyed said they work more hours than paid for. A fifth (18%) estimate they give their employer eight-plus hours of unpaid overtime a week. Half of the cyber pros (46%) said those long hours were driven by a sense of loyalty to their organizations. Less than a quarter of respondents (23%) said it was because of more cyber threats and only 16% suggested it was because of inadequate staffing.
Parnell suggested that organizations can encourage such a balance by having adequate tools and solutions to offload more of the day-to-day tasks, as well as automating or outsourcing tasks.
An overworked and overstressed cybersecurity workforce is an issue that has plagued companies for decades. However, Centripetal points out that November kicks off both the time of year employees make time to spend with their families and hackers ramp up their adversarial efforts.