In the past few years, employee burnout has been plagued many workplaces—so much so that for the first time in history, the World Health Organization (WHO) classified job burnout in 2019 as an official “syndrome”. “Successful management of long-term work pressure.”
Soon after the World Health Organization designated it, the COVID pandemic hit and accelerated the burnout syndrome. For example, according to a survey of millions of professionals by LinkedIn, by the first half of 2020, the signs of job burnout among American workers have increased by more than 30%.
Information security personnel are not immune to this acceleration of burnout. In a VMware survey released in September 2021, 51% of cybersecurity professionals stated that they had experienced “extreme stress or burnout” in the past year.
Indeed, this is a challenging time for CISOs who want to keep their employees healthy, complete and resilient. But they also provide opportunities for managers and leaders to seize the opportunity to become the backing of the team they lead.
In many cases, chief information security officers can help their employees overcome burnout. To this end, CISOs should first understand the components of job burnout and its driving factors, and be willing and able to address these factors before actual job burnout starts.
Anatomy of burnout
According to the definition of the World Health Organization, burnout has three main components. The first is the feeling of exhaustion, or exhaustion of energy. The second is depersonalization. In this case, team members begin to feel alienated from their work and begin to experience various actions. Work has become less meaningful.
Exhaustion and depersonalization can be combined to produce a third component of burnout: reduced personal accomplishment. When this happens, exhausted employees will lose executive functions—the ability to concentrate, develop strategies, and analyze in a nuanced manner.
To prevent employees from reaching this point, CISOs should focus on identifying and mitigating the root causes that often lead to burnout.
These root causes may include working hours lasting more than 60 hours per week; permanent expectations for non-working hours and weekend work; constant deadline pressure; and a very busy schedule. Most of these factors are not uncommon among information security personnel.
In addition, the study pointed out two factors that may lead to job burnout, involving the company’s daily working conditions. One is the ambiguity of roles, which happens when team members are unclear about what is expected of them. The other is the unfairness in the relationship between managers and employees, including partiality, non-recognition of contributions and unreasonable job requirements.
Coping with these stressful situations usually requires a lot of emotional resources, which can consume the energy of team members. CISOs who sincerely strive to avoid these two factors in their daily operations may reap huge benefits in terms of employee engagement and flexibility.
Signs and solutions
Of course, proactive detection and treatment of burnout factors are not always successful. Therefore, CISOs should also look for common signs of burnout that team members may exhibit, including:
- Yield and timeliness dropped sharply.
- There is a general lack of energy and enthusiasm for job functions.
- Persistent signs of anxiety and stress.
- Extremely irritable to colleagues and duties.
- The social pattern with colleagues has changed significantly.
If some of these characteristics exist, CISO has several options to solve these problems.
One is to check for possible workload issues. If the workload is overwhelmed, even the most resilient team members will be exhausted. If employees show signs of burnout, you can evaluate whether certain tasks should be assigned to other employees where possible. When taking this route, the CISO must let the team members know that this is done to scale up, not as a punitive measure.
If signs of burnout indicate particularly stressful information security tasks, such as protecting assets from rapidly increasing threats, then discussions about providing more support to employees may help them feel less alone in challenging situations.
CISOs may also consider conducting strategic operations analysis. Such efforts may indicate that although the team produces more output as the workload increases, the risk of burnout and turnover is also increasing, and the possibility of costly mistakes is also increasing. Is the output worth the risk? Due to staff turnover and errors, hiring additional help or outsourcing some tasks may end up being cheaper than long-term costs.
This kind of operational analysis also allows the CISO to better understand where the workload can be reduced. In some cases, it may indicate that certain time-consuming tasks are at least partially unnecessary.
Flexible measures
Another way for a chief information security officer to become a continuous leader is to take forward-looking measures to help team members build resilience so that they are less likely to reach the stage of exhaustion and exhaustion.
For example, Grant Some decision-making power of team membersWhen possible, this helps to give them a sense of autonomy and strength, which helps them avoid feelings of powerlessness that can lead to exhaustion.
supply Coach feedback This is to help team members make adjustments in a timely and specific manner, letting them know that they are in a productive process, not just turning their wheels.
an examination Regularly contact team members Knowing how they feel about their energy levels and internal resources helps CISOs understand the well-being of their employees.
At last, Choose cooperation method Working with team members, not nurturing methods, is an excellent way for CISOs to help employees build flexibility. The parenting style of management assumes that leaders have knowledge that team members will never have. This makes employees feel helpless and lack of agency, which drains internal resources.
In contrast, a cooperative style, such as the way a CISO solicits ideas, solutions, and opinions from employees, can cultivate team members’ decision-making and problem-solving abilities, thereby enhancing their resilience.
This article is partly taken from Mark Tarallo’s new book, Modern management and leadership: best practice points for CISO/CSO applications, Published by CRC Press. You can find the book here: www.routledge.com/9780367558918
