We’ve been noticing a worrying trend recently for articles about mental health in cyber security and in particular burnout amongst the profession, it’s true that cybersecurity is a stressful industry, even an average data breach can cost businesses millions meaning those in charge of security are under constant pressure to keep critical data and assets protected.
Cyber security is an industry which is always operating under stress but the past 12 months or so have been particularly tough with high-impact events such as the war in Ukraine directly affecting cyber attacks and a global recession meaning the tech industry as a whole has seen layoffs and seismic changes in some of the biggest players.
A survey taken at the 2022 Black Hat Europe Expo found sixty-six per cent of the respondents claiming to have experienced burnout whilst 51% reported working more than four hours a week over the contractual obligation with a further 50% responded to say that workload was the biggest source of stress in their positions.
These are not statistics that paint a happy picture but rather point to an industry of professionals which feels stretched with an unmanageable workload which forces them to work more than they should and as a result directly impacts their mental health. The same people we must remind ourselves who are tasked with the responsibility of keeping systems and entire business infrastructure safe.
What needs to change?
As a cyber security business ourselves we’re certainly not about to say we do everything right or that we don’t ever feel the impacts described above, however as a small, agile organisation working with large corporations we do our best to address the issues faced by our industry head on, here are just 3 areas for organisations to consider:
Recognise The Realities
Acknowledging that a job is stressful can go an awful long way, it doesn’t mean that the stress ceases to exist but it does mean that it’s recognised as a common factor rather than something that one particular person or group of people may feel they have to shoulder. It also allows the opportunity for conversation about improvements organizationally and across systems and processes or even human resource. We know there is a skills gap in cyber security and we know this can directly impact the teams delivering on a daily basis how we address that gap over a longer period is a blog for another day but we can acknowledge it exists and work as businesses to start to close it through our own practices and opportunities to develop our teams.
Support Upfront
Offering support upfront is critical, beyond the acknowledgement of stress, businesses can do much more to support employees both through mental health support at work and also in creating an organisational culture which supports a healthy work/life mix and which actively puts in place things to make that happen. Whether that’s looking at how teams are staffed and clients are serviced through creating better working patterns or creating personal development paths so that cyber security professionals can learn and progress through to investment in professional advice and support to input wellbeing and mental health policies and programmes.
It’s everyone’s responsibility
This is a drum we bang quite a bit, in fact we covered it quite extensively in this blog but it doesn’t make it any less true. Cyber security responsibility does not just sit with cyber security professionals, it is the responsibility of everyone. If employees are reusing the same password over and over, not engaging with training or paying attention to cyber security updates then they’re part of the problem and this must be addressed too to alleviate the stress and impact on cyber security professionals within your business and across the industry as a whole.