The security of the UK’s transport, energy and other critical national infrastructures (CNI) could be threatened by staff burnout and IT skills shortages, according to new research from cybersecurity services company Bridewell Consulting.
The firm discovered that, in the last year, 85% of IT decision-makers working to protect Britain’s infrastructure have felt increased pressure to improve cybersecurity controls. Of those, 47% have suffered unsustainable stress, 41% have been absent because of burnout, 32% are looking for another job and 28% have resigned, Bridewell Consulting claimed.
Meanwhile, a lack of skilled and knowledgeable IT staff continues to add to the pressures felt by CNI security teams, the research found, with 84% of those polled believing there will be a critical cybersecurity skills shortage in the CNI sector in the next three to five years.
The findings make for concerning reading, particularly given the prevalence and potentially serious implications of IT security incidents on CNI. As many as 86% of CNI organizations detected cyber-attacks in the last year and 93% of these experienced at least one successful attack.
Scott Nicholson, Co-CEO at Bridewell, said: “Cybersecurity experts are a vital first line of defense but stress and burnout seem to be seriously affecting individuals’ wellbeing. The prospect of people leaving jobs as a result is particularly worrying at a time when the threat of attacks is so high. Ultimately, cybersecurity isn’t just an IT or OT issue – it’s a business issue. Tackling it as such will result in the strongest, most effective teams, equipped with the right tools to keep our infrastructure safe.”
The findings from Bridewell Consulting come just a few days after Forcepoint released similar research about the security implications of staff stress and burnout. In said research, it was discovered that the pressures of remote working and caregiving during the COVID-19 pandemic have taken a significant psychological toll on UK employees, leading to risky behaviors online which could expose employers to cyber-threats.