TRENDING
////////////////////////////////////////////////////////////////////
information security workers the question,
‘have you ever made significant mistakes as
a result of being overstretched or stressed at
work?’ Over half said yes – 26.8% answered
yes, significant errors, while a further 31.9%
said yes, minor mistakes had been made. A
quarter (25%) said no and 16.2% didn’t
know. Unsurprisingly, a recent report found
that 65% of IT and security professionals
considered quitting due to burnout.
Becky Pinkard, Chief Information Security
Officer with Aldermore, said: “The average
life span for CISOs is quite frightening. One
of the last stats I’ve read it’s just 18–24
months. When you start to look at that
and relate that back, literally anyone in
cybersecurity will be able to tell you a time
when they’ve made a mistake, whether
that’s because they didn’t know what they
were doing, were stressed out, or they felt
under pressure from project management
or timeline pressure, and we are constantly
faced with the same constraints so it will
always be an issue we need to recognise and
deal with.”
Maxine Holt, Research at Ovum, said:
“I haven’t witnessed anything directly
but have heard of plenty of instances of
security incidents and breaches that are
accidental (don’t know doing wrong) or
negligent (know circumventing procedures
just to get the job done) in nature, and for
sure some of these can be attributed to
lack of time or stress. For example, having
to follow a convoluted process to log a sale
might be bypassed just because someone
has a target that they must meet, it’s the
last day of the sales period and a person’s
job depends upon it. There is plenty of
anecdotal evidence in both the private and
public sectors.”
“
YOU CAN HAVE
ALL OF THE
TECHNOLOGY AND
BEST PRACTICE
APPROACHES
DEPLOYED IN
THE WORLD, BUT
ULTIMATELY
SUCCESSFUL
CYBERSECURITY
RELIES ON
THE SKILLS,
INGENUITY
AND COGNITIVE
ABILITY OF THE
HUMAN BRAIN.
Kevin Fielder, CISO at Just Eat believes
organisations need to be doing more.
He said: “It’s a high pressure, always-
on role that can easily burn people out.
Organisations need to really recognise
this and provide support for their teams.
As a manager I also try to make the team
and working environment as flexible and
supportive as possible.” He believes the
best kind of support is an organisation that
genuinely invests in it and makes support/
counselling available to all, plus a team
culture that is supportive.
Independent Researcher, Dave Edwards,
said: “Security is a very stressful job as risk
decisions needs to be made. Good decisions
are not always a popular choice, they can
delay projects and cost revenue. Companies
can do more, I have had a positive
experience, although this is about company
culture and organisational values; senior
leaders such as CIOs, Directors, etc., need to
lead and set an example.”
Nicole Mills, Senior Exhibition Director at
Infosecurity Group, said: “We as Infosec
professionals and leaders need to be resilient
ourselves – developing new skills and on a
personal level, being resilient to the stress
and pressure facing people in our industry.
“Our poll clearly highlights that human
skill and expertise is the most important
aspect in building a strong cyber-resilience
strategy and this is why organisations
need to focus on providing a safe and
supportive environment to protect their
most important asset. By building the
expertise of those involved at the sharp end
of cyberattacks and taking measures to
provide them mental health support will not
only help to strengthen resilience, but it will
attract and reassure those wanting to enter
the industry.” n
Employee mental health and well-being
should be an essential consideration for all
employers and none more so than those
working in information security, but is
enough being done?
Responses to the question, ‘does your
organisation provide mental health support
to its employees who are responsible for
dealing with a cybersecurity data breach or
attack?’ were resounding with a staggering
45.5% answering no, 31.6% didn’t know
and just over a fifth (22.8%) said they were
being offered support.
28
INTELLIGENTCIO
www.intelligentcio.com