Light Dark
January 25, 2023 By Jennifer Gregory 2 min read
News

For many organizations and the cybersecurity industry as a whole, improving retention and reducing the skills gap is a top priority. Mimecast’s The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost points to another growing concern — burnout that leads to attrition.

Without skilled employees, organizations cannot protect their data and infrastructure from increasing cybersecurity attacks. According to Mimecast’s report, 77% of cybersecurity leaders say the number of cyberattacks against their company has increased or stayed the same since last year. Additionally, 36% of organizations report a loss in revenue due to ransomware attacks in the past 12 months.

Considering the growing need for skilled cybersecurity workers, what can organizations do to combat burnout and prevent attrition?

Attacks negatively affect cybersecurity professionals’ mental health

The increased and seemingly constant cybersecurity threats take a personal toll on cybersecurity professionals. The majority (57%) would feel very personally responsible in the event of a ransomware attack. While this statistic has fallen from 71% in 2021 due to the higher number of threats, cybersecurity professionals still take home significant stress from their jobs —  especially those who hold themselves responsible.

After a ransomware attack, organizations often see an immediate effect on their cybersecurity team. Leaders on one-third of teams report a higher number of absences due to burnout in the months after an attack. Unsurprisingly, the stress affects employees, with 54% reporting a negative impact on mental health. Additionally, 56% say that their role becomes more stressful each year.

Burnout affects recruiting and retention

Because of the stress and burnout associated with working in cybersecurity, organizations are now struggling to retain the experienced professionals needed to protect them from future attacks. The report found that a third of cybersecurity decision-makers are thinking of leaving their roles in the next two years due to stress or burnout. Additionally, 34% of leaders reported struggling with recruiting essential IT staff after an attack.

However, organizations can help reduce burnout of their cybersecurity teams. Here are a few ways:

  • Offer flexible work arrangements to let employees find the best work/life balance for their situation. Include the option for remote and hybrid work when possible.
  • Provide training opportunities to help employees grow their careers and skill sets.
  • Create career paths to allow employees experiencing burnout to find another role in the company. Regularly discuss those opportunities to ensure employees are aware of all their options.
  • Offer employees extra time off following attacks that increase stress and overtime.

Cybersecurity is stressful. But organizations that do not work to reduce burnout among employees are likely to be less prepared for future attacks. By working proactively in partnership with employees, leaders can recognize signs of burnout and take action to reduce stress.

 |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 18, 2024

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

November 4, 2024

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature