We need to talk about mental health in cybersecurity
It probably doesn’t come as a surprise to many in the industry, but cyber security has a mental health problem.
Mental Health Survey
Ahead of Mental Health Awareness Month in October, Sekuro surveyed 101 cyber security professionals to find out how they’ve been coping over the past two years. The results were distressing, but unfortunately, not surprising. As threats worsen and boards become more anxious about cyber risk – those who work in the industry will know first-hand the pressure that’s been put on cyber security professionals, particularly since the start of the pandemic. This pressure to prevent attacks at all costs has come at the expense of our industry’s most valuable assets – our people.
Our survey found the vast majority of cyber security professionals (91%) reported experiencing mental health challenges at work over the past two years. Just as worryingly, only 11% reported they hadn’t experienced burnout due to their job.
A third of people said imposter syndrome contributed to mental health issues.
We also found that mental health challenges spanned across seniority levels, with the highest rate of burnout among team leads and individual contributors. Only 5% of these two groups said they hadn’t felt burnout over the past two years. This was compared to 14% amongst executive leaders.
So, what can we do to improve mental health in cyber security?
It’s not enough to name the problem, we now need to come together to find solutions that will make long-term impacts to improve mental health across the board. If not, we not only risk losing talent but lives too.
The top request from employees to improve mental health in their workplace was more resourcing and tools to relieve pressure on staff (51%), followed by replacing management personnel who contribute to poor mental health outcomes (34%).
We know resourcing is a major hurdle across the industry right now, and many organisations can’t hire fast enough to meet the demand for services. Instead of blaming burnout on the talent shortage, what we really need to do is look at how we can prioritise our people over our profits and not overextend teams for the sake of the bottom line.
The top 3 ways cyber security professionals prevent or recover from poor mental health are by getting outside (66%), staying active (65%) and spending time with family and friends (61%). Interestingly, only 48% said they set clear boundaries at work to address mental health concerns.
Whilst it sounds simple, we need to provide our people with the opportunities to unwind in ways that work for them. If we listen to what the survey is telling us, perhaps rather than scheduling that next all-hands in a dark office, maybe it’s time to move things outside?
What we know is that it’s clear cyber security is experiencing a mental health crisis, and it’s on each and every one of our shoulders to think differently about how we can support our people and each other so that together we can protect Australians.
You can read more from our “Mental health in the Australian cyber security industry” report here.
If you or someone you know is in crisis and needs help now, call triple zero (000). You can also call Lifeline on 13 11 14 — 24 hours a day, 7 days a week.