Header image

New Technologies and Regulations Add to Reality of Cybersecurity Burnout

Considerations on how burnout affects staff, and how to identify the signs and support.

Mental health and burnout should be considered as a business issue, and be considered to be part of resilience.

In a panel discussion at the With Secure ‘Sphere’ conference, Mental Health in Cybersecurity (MHinCS) chair Sarb Sembhi said businesses should look at how to support employees in “how they work, how you eat, how you engage, and what it is that you could and should be doing to take care of each other.”

However Sembhi said that businesses often see mental health and burnout as just an issue for HR to deal with, but it is only an HR issue “if you’re not in cybersecurity, but if you’re in cybersecurity then it’s a cyber resilience issue.”

He said: “If the enterprise believes in real cyber resilience, they need to help make all of you more resilient.”

Too Much Pressure

The discussion, led by conference chair Marcus John Henry Brown, saw Noora Hammar, head of security assurance at the Volvo Group, discuss when she felt burned out, when managing both a development product, and also a digitising project.

“I was at the point in my career where I wanted to thrive and succeed, and I thought it if I said no people will think I am difficult,” she said. “So I end up having burnout as the level of expectation towards me to was too high, it was too pressured.”

Saying she felt the pressure of stress in her personal and professional life, she raised this with a manager who didn’t understand the problem, so she was left to raise the issue with colleagues who “visualised how much time was consumed per product, how much responsibility per product and how much will be on the backlog because I’m unable to cope with them just by myself.” Showing this to her manager made them realise the pressure she was under and got her workload reduced.

Sembhi acknowledged that this is not something that is discussed, and “people go through this on their own and think that what’s happening to them is unusual and it’s the norm, but it’s wrong.”

Great Expectations

Sembhi said that 20 years ago, we had one standard - BSI 7799 - and since then we have more regulations, more compliance, more attacks and more breaches, and “transformational technologies” that have to be secured, and this increases the workload. “Yet we take it on because we think it is the right thing, and I think it is very common and we just don’t talk about it,” he said.

In recommendations of how to deal with this, the panel recommended scheduling shorter conference calls to allow time for work breaks, encourage peer support and collaboration, and set rules for having a better work balance.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

11
Jul

Beyond Cloud Security Posture Management:

Validating Cloud Effectiveness with Attack Simulation

image image image image