Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Impact
Culture
Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Global Shifts
Empowered consumers
Healthier humans
Future organisations
Business for better
Safer societies
Sustainable world
Industries
Consumer and manufacturing
Defence and security
Energy and utilities
Financial services
Government and public sector
Health
Life sciences
Transport
Services
Set growth strategy
Build brands, products, and services
Reimagine AI, digital, and data
Improve organisational performance
Deliver complex programmes
Empower your people
Impact
Culture
In the media

Security think tank: How to manage security team well-being

Daniel Edwards

By Chris Goslin, Daniel Edwards

Computer Weekly

01 May 2020

This article was first published on Computer Weekly

A wave of anxiety and uncertainty has swept the world in light of the Covid-19 coronavirus pandemic. This has caused a number of fundamental changes in the security environment. Most people are working from home, putting pressure on old systems and encouraging organisations to rapidly adopt new ones. Business priorities are changing and people are increasingly socially isolated. 

Cyber criminals are successfully taking advantage of this crisis. The UK NCSC and US Department for Homeland Security report that, although there has not been a large increase in cyber crime, the techniques being used are increasingly focused on exploiting Covid-19 – and are proving effective.  

With the merger of the home and office security environments, there is even more pressure on chief information security officers (CISOs) and their teams to maintain the protection of their organisations. 

Even when organisations were in a relatively stable state, CISOs and security professionals were feeling highly pressured. A recent Nominet study found that 71% of CISOs thought their work-life balance was skewed heavily towards work and 98% reported difficulty being able to switch off from work. 

This has a number of business and personal impacts which cost the UK economy £34.9bn a year, according to the Centre for Mental Health, including:

  • Higher levels of absence – in 2019, the Health and Safety Executive (HSE) reported that stress, depression or anxiety were responsible for 54% of working days lost in the UK.

  • Higher staff turnover – in 2020, the Department for Digital, Culture, Media and Sport (DCMS) report on cyber security skills found that the average cyber firm expects 31% attrition per year.

  • Lower quality of work and lower response times.

  • Degrading personal relationships – 32% of CISOs reported repercussions on their romantic relationships.

  • Degrading physical health – 23% reported potentially abusing medication or alcohol due to stress. 

With the extra pressure of the Covid-19 response, if well-being was a hot topic before, it is now on fire. 

Improving mental well-being 

Most people know that there are things they could and should do to establish a healthy routine and adapt to the new situation. But knowing those things doesn’t mean they end up doing them. It is easy to get overwhelmed by the situation and all the advice being provided, do nothing, and end up worse off both mentally and physically. There are, however, some activities that CISOs and leadership can do now which will help manage the pressures of the current crisis:

  • Support your teams: Covid-19 affects your people’s lives in different ways. Some of them care for elderly relatives, are facing childcare challenges or home schooling children, or simply struggle to work from home. Providing your team with greater flexibility and autonomy on working hours will lead to a more productive, happier team. Check in with your staff regularly, especially those you know live alone.

  • Provide useful well-being advice: You don’t need to be an expert, but you can point your team to expert advice. Help them to recognise symptoms of poor mental well-being like low concentration, worrying more, sleeplessness, indecision and low motivation. There are plenty of resources available that help people to identify and address mental health issues, such as mental health charities or the NHS website.

  • Run interactive well-being campaigns: Consider setting your employees well-being challenges that can help them through these difficult times. PA Consulting is doing this across its business and now provides a free version of an experiential toolkit – Coping with Covid-19: 19 well-being challenges – to clients to set up their own well-being programme. This will help keep your teams engaged, improve their resilience and form a well-being support network.

  • Provide certainty in uncertain times: Leadership can reduce stress for their employees by providing honest and transparent communication. Your people need more certainty about what each Covid-19 development or government guideline means for them and the organisation. Where you don’t yet know, just say so, and provide updates as you know more.

  • Make a plan: CISOs can provide their teams with stability and confidence by proactively creating a plan of action to get through the crisis response and recovery phases and into the post-crisis era. Clear tasks and responsibilities will also help keep teams engaged even though they are isolated from each other, maintaining quality and team motivation.

  • Embrace technology: Technology is providing novel ways of connecting and collaborating with others, which is critical to well-being. Keep curious – are there new ways of working that help teams feel more connected? Consider how new tools can be used to keep your people engaged and motivated, and provide pragmatic advice on how to use them securely. This can also help improve the perception of the CISO team as proactive, helpful and a key part of keeping the organisation working.

Look to the future

These are difficult times for everybody, but they are encouraging us to think differently, to be more innovative and people centric. The skills the CISO and their teams develop during this crisis can lead to better ways of working, which can be taken into the post Covid-19 world. 

If leaders engage positively with their people, focus on their mental well-being, help teach them skills to improve their resilience and encourage new ways of working, it is likely that organisations will not only survive this crisis, but will thrive in the “new normal” of the future. 

Chris Goslin is a cyber security expert, Daniel Edwards is a people and performance expert and Caroline von Koenig is a well-being expert, at PA Consulting 

Explore more

Press release

PA Consulting wins Social Mobility Initiative of the Year at the British Diversity Awards 2024

PA wins Social Mobility Initiative of the Year at the British Diversity Awards 2024.
Two colleagues discussing work.
In the media

Are Friends Electric?

PA Consulting's Dean Collins and Adam Bertelsen discuss the extent to which GenAI will disrupt jobs and careers.
Two colleagues discussing work.
Woman at laptop.
In the media

It's time to take a modern approach to password management

PA Consulting's Raul Zeppenfeldt Molina urges organisations to take a modern approach to password management as we move towards an ever more passwordless future.
Woman at laptop.
City skyline at night.
In the media

Glass Lewis tightens cyber security voting policies after SEC changes

PA Consulting's Adam Stringer discusses what shareholders expect of Boards when it comes to cybersecurity from a governance and disclosure perspective.
City skyline at night.

Contact the team

We look forward to hearing from you.
Get in touch

Get actionable insight straight to your inbox via our monthly newsletter.