On National Stress Awareness Day 2022, it would not be an exaggeration to consider that healthcare cybersecurity professionals are experiencing higher-than-normal stress and may face heightened risks to their mental health.
There is the stress caused by a continuing threat of attacks it currently weighs heavily on the entire cybersecurity workforce. Preliminary results from research into burnout among cyber professionals by Australia-based mental well-being support organization Cybermindz, announced this week, point to a worrying trend, says Dr. Andrew Reeves, director of behavioral research and organization of the group, who directs the study. .
He explained in the research update that on the key metric of professional efficacy burnout, cyber professionals surveyed so far have scored significantly worse than the general population.
“We also compared their depletion rates on this metric with another highly burned industry: that of frontline healthcare workers, and found that cyber professionals score considerably lower even than this group on this metric,” he added.
The cascading effect of cyber worker stress
Such deterioration in the mental health of cyber workers, who protect the operation of essential services such as water, energy, telecommunications, health care, financial services, food distribution and transportation, affects entire populations, the organization suggests.
“Most of our critical systems are now exposed to cyber risk; it’s not hard to see that a reduction in our national cyber capacity due to psychological exhaustion can have knock-on effects on the entire population,” said Peter Coroneos, founder of Cybermindz and veteran of the industry.
“The pandemic, floods and wildfires have shown us that the systems we rely on should not be taken for granted. Cyber attacks occur daily and, unlike natural disasters, there is no conceivable end point in sight,” he said in the announcement.
Coroneos did not mince words when defining the stressors experienced by cybersecurity professionals:
- A single failure through a cyber breach that can affect millions of people makes headlines.
- The fast-evolving and relentless attack environment challenges the sense of job completion among the cyber workforce.
- Cyber professionals live with the idea that the only successful attack that could end their career could be just around the corner.
- While largely mission-oriented, cyber professionals are not immune to the sense of hopelessness that a continual threat of attack can cause.
“We must build a strong and resilient cyber workforce,” he urged in the research update. “If they fall, we all fall.”
Resignations rise with ransomware
Mimecast’s latest global State of Ransomware survey of 1,100 cybersecurity decision-makers, conducted in July, also indicates the severity of these concerns.
As ransomware continued to grow in 2022, burnout rates and quit rates are increasing, according to the company’s report. Blog In the past week.
“Of the many consequences of this state of siege, the cybersecurity professionals we surveyed cited a high human cost, including everything from burnout and absenteeism to staff attrition and decreased confidence in the ability of their organizations to defend against attacks. A third said they were thinking of leaving their position within the next two years due to stress,” wrote Dr. Kiri Addison, chief data scientist for threat intelligence at Mimecast.
Some 54% of Mimecast respondents reported a negative impact on their mental health. Such metrics can predict intentions to quit.
“I think we’re seeing early signs of a cohort of professionals questioning their own effectiveness and concluding that their efforts are in vain. When good people leave the industry, we lose a lot of knowledge and experience. Then the pressure mounts on those who stay behind. As a psychological driver of burnout, it’s something we should all be concerned about,” Reeves concluded.
While routine cybersecurity incident response training is needed to keep patients safe, it can also bolster health care cybersecurity professionals, according to CISOs who spoke with Healthcare IT News last month in a discussion about the construction cyber security muscle memory.
Conducting regular training exercises in response to health care cybersecurity incidents can build confidence in knowing what to do, they said.
Andrea Fox is a senior editor for Healthcare IT News.
Email: [email protected]
Healthcare IT News is published by HIMSS.
