The hidden threat: Mental health in the cybersecurity realm
A third of cybersecurity experts are kept awake at night by stress. As tech leaders, the responsibility lies with us and not them to fix this. Here's how to start.
Jul 11, 2023 • 5 Minute Read
Hey there, tech leaders!
Let's talk about something that's been lurking in the shadows of our industry, often overlooked but becoming increasingly hard to ignore: Mental health in cybersecurity. Let's dive into why this problem is so prevalent in our field, what the signs are, and, most importantly, how we can mitigate the risk and ensure our professionals stay healthy and efficient.
The digital frontline: A high-stress environment
Cybersecurity is an industry that never sleeps. With constant threats lurking around every corner of the digital landscape, it's no wonder our professionals are feeling the heat. According to research by CIISec, 80% of cybersecurity professionals are dealing with more pressure following the pandemic, and a third (32%) of them are kept awake at night by job stress.
Needless to say, constant stress and no sleep is a recipe for burnout or resignation. In fact, a VMware report found that at least two thirds (65%) of security professionals have considered leaving their job because of stress.
So, what can we do to address this issue? Well, the first step is acknowledging the responsibility lies with us, the leaders. It's not just up to the individual security professionals to look after their own work-life balance.
Spotting the signs: How to recognize burnout in your team
Long hours, inadequate budgets, and incessant threats can drive even the most passionate professionals into the ground. As tech leaders, we need to be able to recognize when the conditions our cybersecurity teams are operating under are pushing them towards burnout.
Keep an eye out for signs of overwork and stress in your team, such as difficulty concentrating, decreased productivity, increased irritability, or a noticeable lack of enthusiasm and motivation. It's essential that we create a culture where it's okay to talk about mental health, admit when we're struggling, and ask for help when we need it.
Taking action: Six ways to support your team's mental health
1. Provide your staff proper resources and support
We need to accurately understand the burden on our teams and take responsibility for ensuring they are well-supported with sufficient personnel and resources. This could mean bringing in additional staff, introducing shorter shifts, investing in better tools, or even outsourcing certain security operations.
2. Normalize discussions about mental health
Sadly, only 16.5% of individuals with depression seek mental health. One of the primary reasons is the historic stigma around mental health, with 30% of people mistakenly believing a weak personality causes depression.
As a leader, you can help combat this stigma by normalizing discussions around mental health in the workplace. Fighting this perception requires a cultural shift that starts with the C-suite.
3. Give them rewards and recognition
There will be times in cybersecurity when extraordinary effort is required to navigate incidents and crises, and these efforts should be acknowledged and rewarded. This could take the form of additional days off, bonuses, public recognition, or other awards that fit your organization’s culture. Additionally, ensure your cybersecurity professionals are being paid fairly for their work.
4. Promote work-life boundaries
Establishing work-life balance is crucial to preventing burnout. As leaders, we need to encourage our teams to create their own strategies to deal with high workloads, while also fostering a positive culture around work-life balance.
This could mean setting boundaries and ensuring good communication within the team. Show employees that they don't have to choose between their job and their personal life.
5. Send them to industry and networking events
According to CIISec research, a quarter of cybersecurity professionals are stressed by a lack of work opportunity. You can alleviate some of this stress by sending your staff to cybersecurity-related events which offer a wealth of knowledge and networking opportunities, and help them grow their careers. Some examples include:
Secure World (US and Virtual)
The RSA Conference (US and Virtual)
Black Hat USA (US and Virtual)
Blue Team Con (US)
InfoSec World (US)
(ISC)² Security Congress (US and Virtual)
You can find additional listings by country on the Infosec Conferences website. You should also consider attending conferences that focus on mental health, such as the Mental Health America’s Annual Conference.
6. Give them new learning opportunities
There is a proven link between learning new skills and improved mental wellbeing and happiness. Your confidence improves, it relieves stress, combats boredom, gives meaning, and a host of other benefits. After all, nobody wants to feel like they’re stagnating.
Sadly, according to Pluralsight’s 2023 State of Upskilling report, only 39% of technologists say their manager helps them gain the skills they need to progress their career. As a leader, one of the ways you can improve the mental health of your team is by giving them learning opportunities. Give them paid access to a learning platform, on-demand video courses, or boot camps. Better yet, ask them what they want.
Remember that even if you give your employees access to learning platforms, you need to foster a culture where they actually feel safe to take the time to upskill.
A call to arms: Let's prioritize mental health
By prioritizing mental health and fostering a supportive, open culture in our organizations, we can help mitigate the risk of poor mental health in our cybersecurity professionals.
Let's work together to ensure that our professionals don't have to choose between keeping our companies secure and making sure they stay healthy. Remember, a team that's engaged, happy, and mentally healthy doesn't just mean a more pleasant workplace—it also means better performance and a safer organization.