• Technical contribution
  • Management, Awareness and Compliance

When stress goes viral

The Coronavirus pandemic has added even greater pressure to cyber security professionals’ stress loads, reports it-sa 365 media partner ‘Cyber Security Europe’ magazine.

Coming Soon
Coming Soon
Function NürnbergMesse GmbH

This content is available to the it-sa 365 community. Please register or log in with your login data.

Exhausted man with closed eyes, wrinkled forehead, on which he has pushed up his glasses, hands in his face
Even before the coronavirus pandemic caused their anxiety levels to soar to hazardous new heights, Europe’s senior cyber security professionals were known to be subject to disproportionately high levels of occupational stress.

Such burnout can cause acute harm at both organisational and individual levels. Directorate heads and chief officers, now closer than ever to cyber governance decision-making, should ensure that executive leaders are apprised of the situation.
Man with mask at the desk

For most people chronic mental pressure is an acknowledged performance inhibitor. With respect to cyber security, this is all to the favour of threat actors, because stressed-out CISOs do not lead well and/or do their jobs as effectively as possible – they become more liable to operational slipups and defective leadership. 

A stressed IT security work team is unable to watch-out for one of its number who may show signs of inattention. Oversight suffers, and mistakes are made in cyber defence administration that hackers could exploit. Daily concerns related directly or indirectly to Coronavirus compound an already barely tolerable situation. Coronavirus has, of course, caused disruption across many occupations and disciplines, but has held acute resonances for the cyber security profession. Recent increases in opportunistic Coronavirus-related attacks has not meant any lessening of ‘threats-as-usual’ offensive activity.

The pandemic – and the concerns it gives rise to – create perfect conditions for cyber criminals to step-up their activities. Employees are likely more susceptible to phishing and malware attacks in a climate riddled by Coronavirus concern; and a requirement to work remotely might introduce a delay in human response to hack attacks and other intrusions into an organisation’s IT systems.

Then there is also an insider threat dimension to the situation. Employees who, for any reason, take exception to being furloughed, might become more minded to misappropriate workplace data assets. Subsequent employee redundancies would heighten this risk.

On top of all this, the likelihood that team strength might be lessened by team members becoming unwell and unable to work, is bound to play on the minds of enterprise security leaders. Any assessment of the impact of stress on cyber security practitioners also should take account of the fact that they are essentially technologists – and typically, that’s not a role where they will customarily undergo training to enable them to deal with the pressures of the job in the same way that somebody working in emergency services would be.
a man and a woman with mask in front of a screen, woman points on it
Indications are that cyber criminals have highly scalable resources when it comes to exploiting unprecedented situations like pandemics and lockdowns. These accumulated pressures can only add to the chances that the mental health of cyber security professionals will suffer as the situations unfolds, particularly if subsequent ‘waves’ of contagion occur (as some health experts have warned of) and prolong an already hyper-critical situation.

Scheduled work routine breaks that might help an individual find respite from the predicament –such as vacations or visits to cyber security industry exhibitions and conferences, like it-sa – are curtailed until the emergency is deemed past.

“In a world increasingly focussed on the scourge of mental illness, it seems appropriate to try to understand the exposure of security professionals to the work-related aspects of this condition,” says the Chartered Institute of Information Security (CIISec)’s ‘The Security Profession in 2020’ report, based on a survey of its members.

In reply to the question ‘Have you or someone you know left a job due to overwork/burn-out?’, 18% of respondents said that they had left a role due to the pressure or risk of ‘burning out’. A further 25% of CIISec members have at least thought about it. 

As this year’s pandemic has proved, Europe’s cyber security professionals must now deal with the disruptive impacts of viruses of many kinds.

You can also find the corresponding magazine here: