Workforce Burnout Presents Cybersecurity Risks, Report Finds

December 09, 2021 - Pandemic-driven workforce burnout has been detrimental to the mental and physical health of workers across all industries, but a new report from 1Password found that burnout can also lead to increased cybersecurity risks.

1Password surveyed 2,500 adults whose work is primarily conducted in front of a computer. Results revealed that employees experiencing burnout were three times as likely to think that security rules and policies “aren’t worth the hassle,” compared to respondents who were not experiencing burnout.

Alarmingly, cybersecurity professionals stood out by reporting disproportionately high levels of burnout. Cybersecurity professionals were twice as likely as other respondents to say that they are “completely checked out” or “doing the bare minimum” because of burnout.

“Despite the high level of automation in today’s business world, workplaces still rely heavily on human beings—and technology security professionals in particular— to implement the protocols that safeguard their assets, data, information and, ultimately, reputations,” the report noted.

“When even a small number of people relax their vigilance, organizations are at grave risk. Pervasive burnout among security professionals and other employees presents a significant cybersecurity threat.”

Almost half of burned-out respondents reported creating, downloading, or using software and apps at their workplace without IT’s permission. Additionally, 59 percent of burned-out employees reported picking easy passwords and using the same passwords for everything, compared to 43 percent of employees who were not experiencing burnout.

In addition to lax security measures, researchers found that more than 64 percent of respondents were actively looking for a new job or were on the verge of quitting. Nearly 50 percent more security professionals reported actively looking for a new job versus other workers.

Recent analysis from (ISC)² found that the cybersecurity workforce gap narrowed for the second consecutive year, but the global workforce still must grow by 65 percent in order to effectively defend critical assets and data.

A workforce shortage combined with employee burnout and an ongoing global pandemic creates vulnerable IT networks, leaving organizations open to cyberattacks. For healthcare, cyberattacks have the potential to be detrimental to patient safety.  

Most of the surveyed employees who did quit their jobs during the pandemic’s “Great Resignation” period reported being able to access former work accounts after they had left the company, pointing to another major security risk.

The survey also indicated that many employees were generally not confident about emerging security threats. Over half of surveyed employees said that they had recently received an email that could have been phishing, but they were unable to identify it.

As more industries shift to hybrid or remote work models, including the healthcare sector, new security risks are bound to be exploited by bad actors. Meanwhile, workforce burnout continues to present security and health risks to employees across all sectors.

“Widespread burnout among employees, and security professionals in particular, is leaving organizations dangerously vulnerable to cybersecurity attacks,” the report concluded.

“While fast-evolving technologies and practices have enabled organizations to survive and thrive throughout the Covid-19 pandemic, their rapid escalation—coupled with the enormous toll the pandemic has taken on employees’ lives and well-being—have created new opportunities for bad actors.”