Despite the widespread lack of breach preparedness and adequate incident response practices in organizations, cybersecurity professionals who are tasked with responding to attacks experience stress, burnout, and mental health issues which are aggravated by a lack of breach preparedness and inadequate incident response practices.
IBM Security has sponsored a study this week that has found that two-thirds (67%) of incident responders experience stress and anxiety at least sometimes during their engagements. In response to the Morning Consult survey conducted by Morning Consult, 44% of those surveyed sacrificed their relationships for their well-being and 42% suffer burnout. According to the survey, 68% of incident responders have been operating two or more incidents at the same time. This results in them being stressed every time they are working on incidents, according to the survey results.
In an organization where incident responders, employees, and executives of the company face a wide range of incidents, such as a fire, an explosion, or a major event, John Dwyer, head of IBM Security's X-Force response team, says that organizing and practicing how to handle such incidents can reduce the level of stress amongst incident responders, employees, and executives.
Organizers are failing to effectively establish their response strategies that are geared toward responding to emergencies with the responders in mind - "the response process does not have to be as stressful as it is today," he stressed. Responders often have to handle organizations during an incident. This is because these organizations are not prepared for the crisis that occurs when these kinds of attacks happen every single day. Therefore, the responders are usually responsible for managing those organizations.
The IBM Security-funded study underscores why cybersecurity organizations are increasingly focusing on the mental health of their members. About half (51%) of cybersecurity defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. According to cybersecurity executives, the threat of an attack affecting the community and companies' ability to retain skilled workers can have a significant impact.
A study sponsored by IBM Security provides support for why the cybersecurity community has been focusing increasingly on the mental health of its members as the field has evolved. It has been reported that about half of cybersecurity defenders have suffered burnout or extreme stress during the past year. This is according to a VMware survey released in August 2021 which surveyed 3,000 cybersecurity professionals. The issue of cybersecurity retention has also been highlighted by executives in the security field as one that impacts the whole community. This impacts providers' ability to attract and retain skilled workers.
Based on findings from the IBM survey of incident responders based in the US, it was found that 62% sought mental health assistance as a result of doing their job, but that 82% of US employers had put in place an adequate program and services to handle this situation.
"I've worked on some really big incidents in the past with clients who were very prepared, and I found that to be a very satisfying experience to do so," explains Dwyer about what he has done in the past. During the past few years, several incidents have occurred when the incident response processes of the company lacked the readiness to deal with these situations, which caused me to have to deal with a great deal of stress during these times."
The survey found that incident response professionals have three main reasons for choosing the profession, which may explain their decision to pursue it. A study by the American Management Association found that 36 percent of respondents indicated their motivation for joining the company was a sense of duty of protection. In addition, 19% said they were interested in solving problems. Furthermore, 19% said they joined because they wanted continuous learning opportunities.
As a result of the survey, half of those surveyed cited managing expectations from multiple stakeholders as a top-three stressor, and 48% cited their sense of responsibility toward their client or business as another top-three stressor. According to the survey, one of the most striking findings is that incident responders are very dedicated to their roles, with almost one-third (34%) working 13 or more hours a day in the most stressful periods of the incident response process, which in turn strengthens the dedication to their jobs.
According to Dwyer, the general public does not seem to realize how long these men and women are working to ensure that people's lives and businesses are not disrupted because they work long hours.
