Employee wearing face mask feeling tired looking at laptop screen showing pandemic burnout

Why Pandemic Burnout Is a Cybersecurity Problem and How To Fix It

The COVID-19 pandemic has been hard on all of us and pandemic burnout is becoming increasingly prevalent as a result of all of the pandemic related restrictions and accommodations. Somewhat surprisingly, there is more to pandemic burnout than just wanting the world to go back to the way that it used to be. Pandemic burnout is directly contributing to a variety of cybersecurity problems.

Burned-out employees care less about security measures

At the end of 2021, 1Password conducted a study in an effort to determine the extent to which employees were feeling burned out and how that burnout might be impacting cybersecurity. This study was based on a survey of 2500 users who spend the bulk of their time working with a computer. The study’s results were eye opening to say the least.

Some of the key findings from the report included:

  • “Burned-out employees were 3 times as likely as others to say security rules and policies aren’t worth the hassle”
  • “Security professionals were twice as likely as others to say that due to burnout, they’re completely checked out at work”
  • “Nearly half of burned-out security professionals say it’s unrealistic for companies to be aware of and manage all apps and devices that employees use”

These statistics point to the idea that there is a direct correlation between burn out and lax security practices. Additionally, the study found that burn-out impacts end users and security professionals alike. The report concluded that “When even a small number of people relax their vigilance, organizations are at grave risk. Pervasive burnout among security professionals and other employees presents a significant cybersecurity threat”.

Cybersecurity is put at risk

While it might be tempting to dismiss the idea that burn out presents a direct threat to cybersecurity as one person’s opinion, the concept is backed up by other studies. HP for example, conducted a study that revealed similar findings. While the HP report was not focused on burn out per se, it did examine feelings of apathy, frustration, and dejection, all of which are closely tied to burn out.

The 2021 HP Wolf Security Rebellions and Rejections Report was based on a survey of office workers between the ages of 18 and 24. Just as the 1Password study found burnout to be prevalent among both end users and IT pros, the HP study also found both end users and IT pros to be suffering. Among the report’s key findings were:

  • 54% of those surveyed were more concerned with deadlines than the possibility of exposing the organization to a data breach.
  • Only 36% of respondents had been given any training on how to protect their home networks against cybersecurity threats.
  • 48% of those responding to the survey consider security policies to be a hinderance, and only 39% even know what the security policies even are.
  • 37% of the respondents said that their employer’s security policies were too restrictive, with 48% of the people saying that security measures waste a lot of time.

IT employees are taking the brunt of the pain

Just as the 1Password study found burn out among security professionals, the HP study also found that IT security pros are having a tough time coping with the stresses of enforcing the organization’s security policy, often against the wishes of the end users. The survey revealed the following findings:

  • “80% of IT teams experienced pushback from end users”.
  • “80% of IT teams said that IT security has become a thankless task”.
  • “69% of IT teams said that they are made to feel like the bad guys for imposing restrictions on employees”.

Unfortunately, burn out and apathy toward security policies have created an environment where security has largely taken a back seat to other priorities. According to the study:

  • “91% of IT teams felt pressure to compromise security for business continuity”.
  • “83% of IT teams believed home working has become a ticking time bomb for a network breach”.
  • Most disturbingly, 31% of office workers surveyed tried to circumvent the organization’s security

All of these statistics collectively point to the idea that the pandemic and all of its related restrictions are causing many people to feel completely burned out, and that this burn out seems to be affecting IT pros just as much as it is end users. Worse still, all of this burn out is adversely impacting IT security.

Making security a priority without over-taxing end-users

The most important question for organizations to consider right now is what they can be doing to reduce employee stress and burn out along with the resulting security problems.

One of the best options is to look for ways to make security frictionless, which in turn reduces user’s stress along with the potential for burn out. Frictionless security also has another compelling benefit. Users are far less likely to neglect or to circumvent an organization’s security if adhering to the security policies requires very little effort on the part of the end user.

One way of accomplishing this is to use a password policy and compliance tool like Specops Password Policy. Specops Password Policy provides dynamic feedback as a user is changing their password. This feedback makes the organization’s password policy crystal clear to the end user, meaning that they will never have to wonder why their new password is not being accepted.

The user will know exactly what they need to do as they are creating their new, compliant, and strong, password—cutting back on calls to the helpdesk and creating stronger passwords that can be kept longer. Plus, they won’t need to feel frustrated by reattempts to set a strong password.

On the backend, Breached Password Protection is actively blocking over 2 billion known breached passwords, Specops Password Policy is ensuring your end-user passwords are compliant with your policies, and you can set custom parameters for each group.

Test out Specops Password Policy with Breached Password Protection in your Active Directory for free.