Personal resilience training for cyber teams ‘transformative’ for operational resilience
Eight hours of targeted training can have an outsized positive impact on resilience, finds research
New research from Cybermindz shows that organisations that invest in as few as eight hours of targeted resilience training for their cybersecurity teams benefit from transformative operational resilience.
Research shows that UK businesses plan to spend more on cybersecurity, as they become more aware of the risks to their operational resiliency – but we don’t yet know whether that spend is going to be focused predominantly on tools or people.
It might be wise to think about the latter. New research published by the not-for-profit Cybermindz, which advocates for the mental wellbeing of cybersecurity teams, has shown that money spent on a relatively small amount of targeted resilience training can have a proportionally much larger impact on operational resilience.
Eight, remotely delivered, one-hour resilience training sessions for cybersecurity professionals delivered significant, positive impacts on multiple cognitive and emotional performance risk factors, including:
- an average of an extra 26 minutes of sleep per night and an overall improvement in sleep quality of 16%, with "good sleepers" nearly doubling (from 27% to 47%), as measured by the Pittsburgh Sleep Quality Index (PSQI)
- 100% elimination of clinical acute burnout crisis cases (from 4% to 0%)—the most severe burnout profile where professionals are simultaneously highly exhausted, highly cynical, and doubting their effectiveness
- a 77% reduction in broader at-risk burnout cases, from 21% to 5% of participants—those showing moderate-to-high levels across all three burnout dimensions;
- A 71% reduction in participants showing attrition risk, from 27% to 8%. Marked by moderate cynicism, the attrition warning zone is regarded as the strongest predictor of resignation.
Cost-effective and the right thing to do
These are transformative improvements. After having ensured being seen as either a cost centre, a blocker of productivity and very probably both, CISOs and their teams are probably cheered by the increased awareness of our collective vulnerability, if perhaps a little unused to being asked so many questions by executive boards.
As companies realise just how important their cybersecurity teams are, it seems an opportune moment for organisations to consider their wellness, because cyber defender burnout translates into material financial and operational exposure for organisations when it occurs. It costs them far more than a few weeks sick leave.
74% of Chief Information Security Officers (CISOs) report security team attrition driven by stress and the cost of replacing lost staff runs at approximately 1.5-2x salary once the impact of lost institutional knowledge, recruitment fees and onboarding are factored in.
“As cyber threats continue to escalate globally, it’s essential for organisations to mitigate against the burnout-induced inability of cybersecurity staff to perform at their best; left unaddressed, the almost inevitably alternative is continuing degradation in the protection of critical systems and assets,” said Peter Coroneos, founder of Cybermindz.
“This research shows that personal resilience training is an efficient and cost-effective solution, yielding a transformative impact on operational resilience. For organisations, it’s both doing the right thing and benefiting from doing so.”
Other findings from Cybermindz’ study included:
- the near-elimination of participants exhibiting high stress (from 14% to 4%), and the doubling of participants exhibiting low stress (from 26% to 50%), as measured by Perceived Stress Scale (PSS);
- the near-elimination of participants with at-risk low professional efficacy – those doubting their competence and impact – from 11% to 2%, as measured by the Maslach Burnout Inventory (MBI);
- a drop in overall exhaustion of 19%, a reduction in cynicism of 26% and improvement in professional efficacy of 10%, as measured by the Maslach Burnout Inventory (MBI).