Growing research links security exhaustion to business risk
- The majority of security professionals, 84%, feel exhausted, according to a 1Password survey of 2,500 adults who work full-time primarily from a computer in North America, released Tuesday. Five hundred respondents were security professionals in IT departments as managers or more, and the remaining 2,000 respondents were from other departments of their respective companies.
- Among severely exhausted security professionals, more than two in five said security rules and protocols were “not worth it,” the survey found. Only one in five somewhat exhausted security experts feel the same.
- Compared to other types of employees, twice as many security professionals (10%) are more likely to feel âcompletely excludedâ from their job. This leads employees to perform the “bare minimum” of their work.
The pandemic has been a catalyst for the Great resignation in the technology and security sectors, exacerbating the existing cybersecurity skills gap. Almost two-thirds of 1Password respondents are actively looking for a new job, are about to leave their current job, or are open to new opportunities.
“Our results show that employees ‘ready to quit’ represent a significantly greater security risk for companies,” the report said. Exhausted security professionals are viewed more as a âflight riskâ than those who are not.
The global cybersecurity workforce grew to 4.2 million professionals in 2021, an increase of 20% compared to 2020, a (ISC) Â² Cybersecurity Workforce Study find. Despite the increase in the workforce, the majority of respondents, 60%, said their organizations face risks directly related to staff shortages.
If existing security professionals face burnout, their efficiency at work will feel the impact. One in three respondents to 1Password said that burnout contributes to a decrease in initiative and motivation, which also reduces compliance with safety protocols.
Threatening actors take advantage of human emotion throughout the pandemic, and burnout can lead to fatigue alert and the rotation of analysts. Cyber ââsecurity skills are already difficult to determine due to the rapid pace of the industry and threats.
âThe biggest threat is internal apathy. When people don’t use security protocols properly, they leave our business vulnerable,â a security survey respondent said. Nine in 10 security respondents prefer security over convenience, but they’re still sensitive to shortcuts.
Companies have great confidence in their cybersecurity because they can anticipate threats and plan a response. Individual security professionals are more confident in their ability to find shortcuts than their non-security counterparts – and they try to fix IT problems on their own, 1Password found.