One in two cyber security professionals have been prscribed medication for mental health, according to a recent global resesarch report. And of those who have identified as burnt out, 65% have actually considered leaving the industry.
Anna Collard, SVP of content strategy and evangelist at security awareness specialist KnowBe4 Africa, stated that in Africa, 47% of cyber security and risk professionals feel stressed at work.
During her presentation on managing employee wellbeing and improving retention at the ITWeb GRC conference, Collard said distraction and multitasking were making it more difficult for employees to cope.
She sad that 49% of remote workers who failed phishing scams did so because they were preoccupied, according to a study by Thales Group in 2021.
She advised IT and GRC professionals attending the event to encourage their staff to practice focus, resist the temptation to multitask, avoid distraction by ‘taking a moment to breathe’ and 'think before clicking.
“It’s also about considering the vulnerability of the amygdala in the brain, which responds to psychological threats as if they were physical,” she said.
The amygdala, she explained is a part of the brain that generates immediate emotional responses. Many common cyber security scams use so-called 'amygdala hijacking' to their benefit.
In addition, cyber security professionals are trained to be cognisant of the ‘fight or flight’ scenarios in their jobs, which adds to stress.
Mindfulness and wellbeing
Collard said that AI-based mindfulness training and corporate employee wellbeing programmes help.
“These benefit the workplace – and GRC – by reducing absenteeism, improving focus and productivity.”
A recent KnowBe4 cyber security survey found that criminal masterminds, smart attack vectors, clever phishing tactics, and sophisticated cyber crime methodologies were putting people and platforms at risk.
“The problem is – everyone should be concerned about cyber crime,” said Collard. “All it takes is for one person to introduce a virus to a system or open up a doorway or lose their password, and the entire organisation is put at risk. Training has never been more important, especially when there is a clear trend indicating that people feel like they do not know enough about cyber crime to protect themselves, or feel like they do not understand what they need to do to stay informed about the risks.”