Sekuro Cyber Security Mental Health Survey
We need to talk about mental health in cyber security
It probably doesn’t come as a surprise to many in the industry, but cyber security has a mental health problem.
Ahead of Mental Health Awareness Month in October, Sekuro surveyed 101 cyber security professionals to find out how they’ve been coping over the past two years. The results were distressing, but unfortunately, not surprising. As threats worsen and Boards become more anxious about cyber risk – those who work in the industry will know first-hand the pressure that’s been put on cyber security professionals, particularly since the start of the pandemic. This pressure to prevent attacks at all costs has come at the expense of our industry’s most valuable assets – our people.
Our survey found the vast majority of cyber security professionals (91%) reported experiencing mental health challenges at work over the past two years. Just as worryingly, only 11% reported they hadn’t experienced burnout due to their job.
Half of respondents (51%) attributed their mental health struggles at work to poor culture and/or management styles, with 50% citing the high-stress nature of a job in cyber security.
Of those that experienced mental health challenges, a staggering 37% quit their jobs in response to mental health issues, with 9% changing career paths altogether. According to a workforce study by (ISC)², as of 2021, there were 134,690 cyber security workers in Australia. If this trend is reflected industry-wide, that means over 12,000 cyber security professionals could have left the industry over the past two years.
Additional Key Findings
- Of those that experienced mental health challenges, a staggering 37% quit their jobs in response to mental health issues, with 9% changing career paths altogether. According to a workforce study by (ISC)², as of 2021, there were 134,690 cyber security workers in Australia. If this trend is reflected industry-wide, that means over 12,000 cyber security professionals could have left the industry over the past two years.
- Cyberattacks aren’t the biggest worry amongst cyber security professionals. Of the 91 cybersecurity professionals that responded to the question, unrealistic expectations from the board/executive leadership is keeping close to half (44%) of them up at night. Ransomware and malware attacks along with data breaches were an equal second at 35%.
- The cyber talent gap still remains an issue with over a quarter saying growing the team is their biggest concern (26%).
- Only slightly more than one-fifth (22%) said a pay rise or promotion would help their mental health.
The survey found mental health challenges in the workplace span across all seniority levels.
Only 14% of executive leaders said they hadn’t experienced burnout in the past two years. The highest rates of burnout were among team leads and individual contributors, with only 5% respectively claiming they had not experienced burnout due to their job.
What can we do to improve mental health in cyber security?
It’s not enough to name the problem, we now need to come together to find solutions that will make long-term impacts to improve mental health across the board. If not, we not only risk losing talent but lives too.
The top request from employees to improve mental health in their workplace was more resourcing and tools to relieve pressure on staff (51%), followed by replacing management personnel who contribute to poor mental health outcomes (34%).
We know resourcing is a major hurdle across the industry right now, and many organisations can’t hire fast enough to meet the demand for services. Instead of blaming burnout on the talent shortage, what we really need to do is look at how we can prioritise our people over our profits and not overextend teams for the sake of the bottom line.
The top 3 ways cyber security professionals prevent or recover from poor mental health are by getting outside (66%), staying active (65%) and spending time with family and friends (61%). Interestingly, only 48% said they set clear boundaries at work to address mental health concerns.
Whilst it sounds simple, we need to provide our people with the opportunities to unwind in ways that work for them. If we listen to what the survey is telling us, perhaps rather than scheduling that next all-hands in a dark office, maybe it’s time to move things outside?
What we know is that it’s clear cyber security is experiencing a mental health crisis, and it’s on each and every one of our shoulders to think differently about how we can support our people and each other so that together we can protect Australians.
Get the report
Download and share the full report.
Cyber Mental Health Survey Methodology
Sekuro conducted a survey of 101 cyber security professionals using Zoho Survey from 31 March – 24 August 2022. The survey was shared via Sekuro’s LinkedIn account and customer database, as well as its community partners including ISACA Sydney Chapter, Cyber Risk Meetup, and MySecurity Marketplace.
The data captures survey answers from 101 participants residing in Australia and overseas at the time of completion of the survey. Of the 101 participants, 12% were from outside Australia, including Singapore, Japan, the United Kingdom, the United States and Canada.
Sekuro incentivised respondents by offering a AU$50 donation to a mental health charity of their choice per completed survey. Sekuro donated AU$5,050 dollars to mental health charities as part of the research. The funds were split across Beyond Blue ($1600), R U OK? ($1900) and Black Dog Institute ($1550).