- The majority of security professionals, 84%, are feeling burned out, according to a 1Password survey of 2,500 adults who work full-time primarily from a computer in North America, released Tuesday. Five hundred respondents were security professionals in IT departments as managers or higher, and the remaining 2,000 respondents were from other departments in their respective companies.
- Of the significantly burned out security professionals, more than two in five said security rules and protocols are not "worth the hassle," the survey found. Only one in five somewhat burned out security experts feel the same.
- Compared to other types of employees, twice as many security professionals (10%) are more likely to feel "completely checked out" of work. This leads the employees to perform the "bare minimum" of their job.
The pandemic was a catalyst for the Great Resignation in the tech and security industries — adding to the existing skills gap in cybersecurity. Almost two-thirds of 1Password's respondents are actively looking for a new job, close to quitting their current job, or open to new opportunities.
"Our findings show that 'ready to resign' employees are a significantly greater security risk for companies," the report said. Burned out security professionals are considered more of "flight risks" than those who are not burned out.
The overall cybersecurity workforce grew to 4.2 million professionals in 2021, representing a 20% increase from 2020, a (ISC)² Cybersecurity Workforce Study found. Despite the increase in the workforce, the majority of respondents, 60%, said their organizations face risks directly related to staffing shortages.
If existing security professionals are facing burnout, their effectiveness on the job will feel the impact. One in three 1Password respondents said burnout contributes to a decline in initiative and motivation, which also reduces compliance with security protocols.
Threat actors leveraged human emotion throughout the pandemic, and burnout can lead to alert fatigue and analyst turnover. Skills in cybersecurity are already difficult to determine because of the rapid pace the industry and threats move in.
"The biggest threat is internal apathy. When people don't use security protocols properly, they leave our company vulnerable," one survey respondent in security said. Nine in 10 security respondents choose security over convenience, yet they are still susceptible to shortcuts.
Companies have high confidence in their cybersecurity because they can anticipate threats and plan a response. Individual security professionals have more confidence in their ability to find shortcuts than their non-security counterparts — and they try to resolve IT issues on their own, 1Password found.