FEATURE
cybersecurityeurope
IN THE FIRING LINE
Executives with cyber security responsibility must tackle the escalation of occupational stress – before chronic mental strain results in IT security failure and job losses.
SURELY ONE OF THE MORE DISTURBING REVELATIONS IN SUNGARD AS’S RECENT THE RESILIENCE IMPERATIVE REPORT IS that, in taking greater responsibility for the cyber governance of the organisations they lead, some c-suite executives are now subjected to blame and abuse when cyber security incidents occur. It’s enough to unstiffen the stiffest of upper lips. Some 45% of the report’s respondent sample said they’d experienced ‘abuse online, verbally, and in some cases physical threats’, while 20% said that such abuse even ‘extends to their family and friends’. Such personalised attacks are just one of range of stresses being heaped upon technical and non-technical chief officers in addition to the day-to-day duress of persistent and malicious cyber attacks. BRIEF
The burnout these accumulated stressors bring can cause acute harm at both collective and individual levels. Although it’s often claimed that some people ‘thrive on stress’, for most of us stress is a performance inhibitor. This is all to the favour of cyber attackers, because stressed-out people do not perform well and/or do their jobs as effectively as possible – and become more liable to slip-up. A stressed work team is unable to watch-out for one of its number who may show signs of inattention. Oversight suffers, and mistakes are made in cyber defence administration. In the wider context, workplace stress and mental health have a major impact on national productivity and economic growth. According to the UK Health and Safety Executive’s Health and Safety at Work summary, 595,000 workers suffered from work-related stress, depression or anxiety (new or long-standing) in 2017/2018, and 15.4m working days were lost due to ‘workrelated stress, depression or anxiety’ over the same period. Both statistics are increases on the previous years. Awareness of the problem in cyber security circles is being raised. The topics of stress and mental health issues caused by cyber security pressures are being openly discussed at conferences and other industry gatherings. Mental health in cyber security were headline topics at events in the
THE EUROPEAN UNION WORKING TIME DIRECTIVE 2003/88/EC This gives EU workers the right to at least four weeks paid holidays per year, rest breaks, and rest of at least 11 hours per day; restricts excessive night work; and provides for a right to work no more than 48 hours per week. Since
24 92
excessive working time is cited as a primary cause of stress, depression and illness, the directiive’s purpose is to protect health and safety.