IT Essentials: Sun, stress and security
Burnout is the scourge of UK cyber - don't let it ruin your holidays
With burnout rife among the UK's overworked security professionals, is a simple summer holiday enough to get them back on track?
Summer is approaching. Many of us rightly use these long days of sunshine* to refresh and recharge, whether we're jetting off on holiday or simply enjoying the sunny weather at home.
If summer is when we take a much-needed break, it stands to reason that by the time spring ends, most of us are at the end of our metaphorical tether. At that point it's been half a year since the last long break (no parent would count school holidays as restful), and burnout threatens.
Even the Victorians recognised the risks of burnout. Workers won the generous right to take Saturday afternoons off in 1843 (although burnout then was more about the risk of losing fingers than cyber hygiene), though the two-day break we all know and crave didn't reach the UK for another 90 years.
This week we published research where nearly half of the IT leaders we spoke to said their team members had experienced burnout in the last three years - a pretty staggering figure considering the dearth of cyber professionals.
Two weeks ago, at our Cyber Security Festival, CISOs encouraged moving away from cyber's blame game - again, with the aim of keeping staff happy, healthy and, most of all, harmoniously employed.
It's not only junior staff, either - although that's bad enough, considering today's juniors will soon become your middle and senior managers. Two percent of respondents said their C-level security execs had suffered burnout, and 33% said it had affected both junior and senior roles.
The takeaway, obviously, is that we're not doing enough to support cyber professionals. They're overworked, stressed and at risk of dropping out of the industry all together.
Part of the problem is cyber is still a relatively new sector, and the CISO position is much newer than CEO, CFO or even CIO. There's no standard for management, responsibility or reporting lines, so depending on the company cybersecurity could be the purview of IT, ops or even finance (please don't let this happen).
As a security professional this year, as well as planning your well-deserved holiday, take a moment to think about who you report to. Do they really understand cyber? Can they explain and evangelise it to the board? If not, who should you be reporting to in your company?
I'm not saying all this to stir the pot. We all work best and relax more under managers we can trust, so reporting in to someone who really gets and supports cyber will keep you in the company - and the company itself safer - for longer.
With that sorted, you can kick off your shoes and get down to the really important business of unwinding.
* If it's raining when you read this, sorry.
Recommended Reads
As well as burnout, our newest cyber research also looks at the tools you can use to take stress away from staff - and while AI naturally has a showing, it's not the only game in town.
Penny Horwood talked to Davies' CISO Samantha Hart about the role of a modern security leader: essential reading for anyone in the sector, with plenty of advice on reporting lines, securing budget and managing threats.
We've also examined the viability of chancellor Jeremy Hunt's ambitious plan to build a $1 trillion tech company in the UK. Aside from the difficulty of fostering a company worth more than the entire UK tech sector today, there are more than a few social challenges to get past, too.
And finally, John Leonard has talked to Nemetschek Group CEO Yves Padrines about how tech is helping to solve the construction industry's pollution problem.