$626 million: The true cost of cybersecurity burnout | Issue #6

Welcome to issue #6 of the ThreatReady newsletter!

ThreatReady is your source of actionable truth based on the latest industry news. It offers a people-centric perspective that connects deeply with the challenges and triumphs of leading security teams and strategy.

If the cybersecurity landscape were a chessboard, the ThreatReady newsletter would be your strategic guide to staying three moves ahead of bad actors.

Building a firewall against cybersecurity burnout

Cyber threats don’t sleep. 

There’s a constant stream of new tactics, techniques, and procedures (TTPs) and Advanced Persistent Threats (APTs) for cybersecurity professionals to be aware of and defend against.

Our latest research report: Building a firewall against cybersecurity burnout , reveals the root cause of mental health struggles in cyber teams and provides strategies to combat the burnout pandemic. 

Here’s a snapshot of key findings: 

• On average, medium to large enterprises are losing over £130 million annually in the UK and over $626 million in the US due to lost productivity coming from stress, fatigue, or burnout.
• 90% of CISOs are concerned about stress, fatigue, or burnout affecting their team’s well-being.
• 74% of business leaders report staff taking time off due to stress, fatigue, or burnout.

By arming yourself with our unique research, you’ll be prepared to not only tackle burnout, but proactively look after your team, boosting your security posture in the long-term, and improving retention.

Read our report: Building a firewall against cybersecurity burnout

Are you compliant with NIST CSF 2.0?

The NIST CSF is a cybersecurity standard that many companies adopt to drive their security strategy. 

After a decade, it’s been updated to the NIST CSF 2.0. 

To remain compliant, companies must adapt to these changes, building their team’s capabilities in alignment with the new standards. 

New guidelines have been reshuffled and sub-requirements put in place:

The NIST CSF 2.0 has a keen focus on specific threats, such as AI, supply chain attacks, and data privacy risks.

• Privacy risks: The NIST Privacy Framework complements the NIST CSF by providing a privacy-focused approach to data management.
• Supply chain security: In addition to a sub-requirement focused on supply chain risks, NIST has published NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.
• Emerging technologies (AI): NIST has developed an AI RMF to help organizations manage AI risks to their business.

💡 HTB Academy’s SOC Analyst job role path, alongside blue team labs provides training on the key skills needed to perform incident detection and digital forensics. This includes both new and existing requirements in the NIST CSF’s Respond (RS) function.

See how HTB content helps align your team with NIST CSF 2.0.

60% of security pros fear AI will be used for sophisticated attacks

But we can use the technology to bolster our defenses against these AI-assisted attacks. 

“AI is now more accessible to a much broader audience, like entry-level security analysts.

We’re already seeing teams use the tech to automate repetitive aspects of triage, documentation, and incident report writing with custom tools.”

Sabastian Hague, Head of Defensive Content at Hack The Box.

Want more cybersecurity trend insights that aren’t from some generic listicle with little context? 

At Hack The Box, we’ve gathered unique statistics from our own original research, to give you a glimpse into strategies to improve your cybersecurity, alongside emerging trends and threats. 

Our pick of the top three insights:

1. 60% of security pros fear AI will be used for sophisticated attacks.
2. 68% say learning is better at beating burnout than boosting salary.
3. 3 in 10 security pros want a blue team role (before going “red”).

Read our top 18 cybersecurity statistics.

Win of the month (let’s celebrate fellow security leaders) 👏

Husam Shbib , Information Security Consultant, TrustLink: Recently launched a comprehensive website dedicated to guiding aspiring security professionals into the field of memory forensics , providing valuable resources and support to foster their growth and success.

👉 Share your win with the community

Your expertise and insights are invaluable. And we’re eager to share them with our vast audience of over 2.6 million members.

We’d be honored to feature your top "win" of the month related to your team, department, or security program in the next edition of ThreatReady.

A “win” could be:

• Achieving compliance or industry standards.
• Successfully onboarding new team members.
• Celebrating your team’s performance.

The top wins will be shared in the next month’s edition of ThreatReady (and if it’s really good, may get some additional love on social media). Want to share your win?

Drop a comment below telling us what it is👇