we’re focused on…
Mental health in the cybersecurity industry.
Really?
Yep. Because we all know that people are the basis for effective cybersecurity. An organisation relies on all of its team members to play their role in safeguarding overall security, and it relies on cybersecurity professionals to implement technologies and processes, and train internal teams to use them.
But cybersecurity professionals are human beings first. And the job isn’t easy.
“We are under tremendous pressure and strain,” Sam Curry (CISO at Zscaler) told us.
“And the biggest problem is dialogue with businesses who think we are technologists first. We need better dialogue and not just to live with risk. Because burnout is high and substance abuse, from drugs and alcohol to food abuse and sedentarism are rampant. Taking the time to be healthy and social and active, and taking the time for self-care matters!”
What’s the problem? In numbers:
A recent survey of 101 cybersecurity professionals by Australian firm Sekuro found that:
🧠 More than nine in 10 (91%) cybersecurity professionals have experienced mental health challenges at work in the last two years.
🧠 51% of respondents said their mental health was negatively affected by poor work culture and/or management styles.
🧠 50% said their mental health struggles were caused by the nature of the job – because cybersecurity is inherently high-stress.
🧠 41% attributed their poor mental health to lack of funding for the industry; 37% said it was affected by lack of necessary skills within their team; and a third of respondents said they struggle with ‘imposter syndrome’.
🧠 28% said remote working is responsible for their struggles; with minimal social interactions and a lack of clear boundaries between home and work.
🧠 One of the biggest worries, shared by 44% of respondents, was that their organisations have unrealistic expectations.
🧠 Following that, the threat of ransomware and malware attacks was the biggest worry for 35%, with another 35% most concerned about the threat of data breaches.
🧠 37% said they had quit at least one job in cybersecurity because of the above challenges, and 9% said they’d changed careers completely.
It’s a problem for everyone
The last point on that list shows that mental health in cybersecurity is a problem for everyone. Because if top professionals leave their jobs (or quit the industry) to seek a less stressful way of working and living, we’re all in trouble. We need cybersecurity experts – and as digitisation continues, we’ll need them more and more.
There are already reports of a cyber skills crisis around the world, including in the UK, the MENA region, and in the US. We’re struggling to cultivate professional skills in this sector quickly enough to meet growing demand – so we can’t lose the people we already have.
What can be done?
Another 2022 survey by Tines covered 1,027 cybersecurity professionals in the US and Europe and found that 51% of respondents had been prescribed medication for their mental health; 58% were taking medication for their mental health at the time of the survey; and 49% were seeing a therapist.
But it’s not enough to treat mental health challenges when they arise. Organisations within the industry need to implement changes that ease the pressure and prevent some of the biggest stressors from causing poor mental health.
It’s always going to be a high-stakes profession. Money, data, personal safety and company reputations constantly hang in the balance. The first step to improving the situation for cybersecurity professionals, though, is simple:
Listen.
Listen to survey respondents when they offer invaluable insights into the cause of their struggles. Encourage them to share more.
Cut through the culture of work-hard-and-pretend-you’re-invincible that still exists within some organisations, and let cybersecurity people be…people.
Swap unrealistic expectations for empathy about how to address challenges – and when you’re working to increase productivity, consider that happier, healthier teams will do better work. Review workloads regularly, strive to ensure that no single person is carrying all the pressure on their own, and promote an open dialogue about work, well-being, and worries.
Small changes will feed into bigger, industry-wide shifts in the approach to work. Incremental improvements in working lifestyle will create incremental reductions in burnout. We know cybersecurity is a fast-paced, vibrant, mind-bending industry to work in: so let’s also make it an industry that looks after its people.
Read our interview with Sam Curry: Why cybersecurity wants everyone
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!