The effects of the pandemic, leading to what is being called The Great Resignation, is having a severe impact on the global workforce as companies report difficulties finding and retaining talent.
However, the same issue is also having an impact on the cybersecurity posture of these organizations, according to a new report from human-centric security and privacy firm 1Password.
The company’s report, “The Burnout Breach,” is based on a survey of 2,500 adults and explores how burnout is having a negative effect on cybersecurity and is exposing organizations to more risk. This burnout-fueled security risk comes at a particularly terrible time as ransomware and other cyberattacks proliferate business and enterprise networks.
In some regards, the report’s findings are not surprising, detailing how burned out employees are a third less likely to follow their company’s security guidelines and how burnout is fueling shadow IT as 60% more burned-out employees than non-burned-out employees are creating, downloading or using software and apps at work without IT’s permission (48% vs. 30%).
However, it is often cybersecurity and IT professionals themselves that are feeling the burnout more than others and often skirt security policies.
According to the report, security professionals are twice as likely as other workers to report feeling checked out and doing the bare minimum, and significantly burned out security pros are more than twice as likely to say security rules and policies aren’t worth the hassle compared to those who are only somewhat burned out (44% vs. 19%).
Security pros are also nearly 50% ore likely than other workers to be actively looking for a new job, which signals that they are feeling burnt out in their current role.
The report also suggests that IT and security professionals are more likely than other workers to work around their company’s policies because they want to solve their IT problems themselves or because they don’t like their company’s software.
Security pros are also four times as likely to install apps or browsers that the company hasn’t approved.
And, security pros are four times as likely than others to let non-employees like family, friends or roommates to use their work computer.
Jeff Shiner, CEO of 1Password, said in a statement that pandemic-fueled burnout has emerged as the next significant security risk.
“It’s particularly surprising to find that burned-out security leaders, charged with protecting businesses, are doing a far worse job of following security guidelines—and putting companies at risk,” he said. “It’s now a business imperative for companies to engage the humans at the heart of security operations with tools, training and ongoing support to create a culture of security and care that helps us all stay safe at work.”