Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementCybersecurity News

Cyber Response Fatigue Management: Overlooked and Undervalued

Are Cyber Professionals Too Exhausted to Monitor for Attacks?

By Neil Karan
Security Fatigue
March 29, 2018

With the growing visibility around cyber breaches, there is now a heightened sensitivity among corporate boards and executive teams as they become more engaged in the management of cyber risk, and its ability to impact their business and personal indemnity.

To counteract this growing awareness, the security industry itself has exploded with new products and vendors.  With the cybersecurity market anticipated to be worth over $200 billion by 2022 there is an abundance of information aimed to influence business investment decisions.  However, through all the webinars, workshops and whitepapers, a foundational expectation has bubbled to the surface and taken hold, and that is a company’s ability to identify and respond to a cyber event. 

Whether that ability is supported by a series of technologies or driven by regulatory mandates, the public’s tolerance around cyber events is shrinking. With the increasing rate of breaches that impact consumers’ lives, corporate distrust is greater than ever.  

Corporations not wanting to land themselves in a similar context are now committing money, focus and expectations onto existing IT groups or niche cyber response teams to try and manage this risk.  However, the increased pressure for managing this type of risk is quickly outpacing available cybersecurity staff and skills, and executive expectations and technology risk management processes are starting to deviate.  According to the ISSA and ESG’s recent research:

  • 63% of organizations are seeing increasing workloads on already existing staff,
  • 41% of cybersecurity teams are spending time on high priority issues and incident response with minimal time spent on planning, training or strategy,
  • 38% of cyber staff are citing “burn out,” and
  • 24% of cyber teams do not have the ability to investigate or prioritize security alerts in a timely manner.

Cyber events are rarely linear and seldom stay within the confines of a normal 9-to-5 day.  Along with the growing complexity of technology, expectations around personnel delivery capabilities are growing.  Professionals are now expected to be able to perform more advanced techniques such as forensics, application and cloud security, while keeping apprised of the most recent threats. This is leading to increased stress and fatigue as these demands are outpacing the training and support programs offered by corporations.      

Further contributing to fatigue within incident response teams, and often taken for granted, is process management.  In response to an evolving threat landscape, more agile and less process-oriented teams are organically rising to try and respond to business requirements, but over time these teams find themselves more in a whack-a-mole security function than a refined operations team.  A lack of process means that incidents of a commoditized nature (e.g. botnets) take longer to identify and remediate as teams try and orient themselves into action.  If these types of incidents happen frequently, they begin to take their toll on responders.

However, it’s not all doom and gloom.  Processes, when mapped out and documented, can help response teams better orient and direct their efforts when in the heat of the moment and when balancing other accountabilities.  Security leaders should consider leveraging frameworks such as Lockheed Martin’s Cyber Kill Chain or NIST to develop repeatable processes and practice sets for commodity risks, and complement those with technologies that provide the best ROI to their teams.  For organizations cutting their teeth in cyber, this practice cannot be overstated. 

Organizations with more mature practices should be spending time on preparation drills.  Leaders should ensure teams are refining and mastering their documented response activities and ensuring that commodity responses are as repeatable as possible.  The mastery of these basic skills not only will increase a team’s general capabilities, but will afford them time to focus effort on things that may be of a more advanced nature. 

At its core, cyber response involves responding to a corporation’s more intimate issues and risks, and that is a relationship built on trust.  Executives and Boards are expecting their leaders to not only deliver on their expectations, but also to appropriately communicate where exposures exist.  Patching and vulnerabilities are core data points, but the general health of the frontline team also needs to be understood and at times executive expectations recalibrated.  Fatigue and burn out can lead to impaired concentration and attention and should not be overlooked. For cyber response teams this can be a dangerous proposition, and it paves the way for a corporation to be the next cautionary tale.  

KEYWORDS: event management security career security fatigue

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Neil Karan is the Director of Cyber Security Strategy and Operations for an Alberta based utility in Canada.  He has 15 years of cybersecurity and technology risk management expertise developed in both consulting and private sector, and has a personal passion for cyber strategy and open source intelligence analysis.   

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Employee training

    Fighting security fatigue with proper training reduces cyber risks

    See More
  • Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

    Dispelling the Dangerous Myth of Data Breach Fatigue

    See More
  • ukraine flag

    Bolstering crisis response practices during geopolitical cyber threats

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing