A new report from password manager vendor 1Password found that employee burnout presents a "severe, pervasive and multifaceted security risk."  

Workers in virtually every industry are reporting high levels of burnout, said researchers – potentially leading employees to let their guard down around security threats.  

"Burned-out employees, we discovered, are often apathetic and lax about workplace security measures," the report authors wrote.  

"Perhaps most troubling, we found that cybersecurity professionals themselves report disproportionately high levels of burnout," they added.  

WHY IT MATTERS  

Cyber experts have routinely pointed to the importance of employee training as part of a robust security framework.   

However, the 1Password report suggests that training alone isn't enough, particularly when staff members aren't feeling engaged.  

The report, which drew on survey results from 2,500 North American adults whose work is conducted primarily at a computer, found that one in three workers say burnout is affecting their initiative and motivation levels – and that sentiment may be posing a critical threat.

For example, three times as many burned-out employees as their counterparts say security policies "aren't worth the hassle."  

Burned-out employees are more likely to create, download or use apps at work without the IT department's permission and to use easy passwords they won't forget. Many also say it's unrealistic for companies to manage all apps and devices workers use.  

Alarmingly, security professionals are reporting even higher rates of burnout – and nearly a third say they're looking for new jobs or are about to quit.  

"Security professionals were more likely than other types of workers to say they work around their company's policies because they are trying to solve their own IT problems themselves … or because they hate the software their company provides," the report explained.  

At the same time, phishing remained a top concern among many security professionals, in addition to ransomware.  

"With all of the heat on ransomware gangs right now, we may see a decline in sophisticated attacks against large organizations – and a focus on breaching the security of small to medium-sized businesses, as they tend to have fewer defenses," John Donovan, chief information security officer at the anti-malware software company MalwareBytes, said in the report.  

THE LARGER TREND  

The report draws an interesting connection between two major issues in the healthcare industry: cybersecurity threats and burnout.  

It's no secret that attacks on hospitals and health systems have been ramping up during the COVID-19 pandemic, and ransomware is of particular concern. At the same time, employee burnout levels among healthcare providers has also been rising.

"Moving forward, companies will need to focus on unintended threats from within as well as highly targeted threats from outside their organizations. When it comes to cybersecurity, the employee burnout conversation should be front and center," observed the 1Password report authors.  

ON THE RECORD  

"While fast-evolving technologies and practices have enabled organizations to survive and thrive throughout the COVID-19 pandemic, their rapid escalation – coupled with the enormous toll the pandemic has taken on employees’ lives and well-being – have created new opportunities for bad actors," read the 1Password report.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.