Cybersecurity professionals tasked with responding to attacks experience stress, burnout, and mental health issues that are exacerbated by a lack of breach preparedness and sufficient incident response practice in their organizations.
A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey's results.
Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security's X-Force response team.
"Organizations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is," he says. "There is a lot of time when the responders are managing organizations during an incident, because those organizations were not prepared for the crisis that occurs these attacks happen every day."
The IBM Security-funded study underscores why the cybersecurity community has focused increasingly on the mental health of its members. About half (51%) of cybersecurity defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. Cybersecurity executives have also spotlighted the issue as one that affects the community and companies' ability to retain skilled workers.
The IBM survey found that 62% of US-based incident responders sought mental health support as a result of their job, but that 82% US companies had an adequate program and services in place to help their workers.