The demanding, high-stakes nature of cybersecurity means stress and burnout is a common problem for professionals at all stages of their career. This Mental Health Awareness Week, four industry experts share their outlook on the challenges cybersecurity pros face, as well as their advice for businesses looking to provide better support.
Burnout is increasingly common in cybersecurity especially among cybersecurity leaders who are expected to meet the ever expanding demands of their roles. “When I talk to my peers, mental health is a lofty and growing issue across the board that is frequently ignored until burnout or opt-out seems to be the only way out,” voices Matt Hillary, CISO at Drata.
This isn’t an isolated experience. Research shows that 55% of cybersecurity professionals say they experience stress at work half the time, which in 21% of cases leads them to think about leaving the profession.
As workplace communication evolves, Mairead O’Connor, Practice Operations Director at Node4, is also concerned about how this could impact on stress and loneliness.
“In today’s digital world, I do worry that it’s harder to find human connection, especially within the workplace. The default option is to send an email, or a Teams message, or just leave an emoji, but what are we losing by not having a proper conversation?”
Multiple studies have proven that social interaction lowers rates of depression and anxiety and improves self-esteem.
“With many teams being distributed today, it’s more important than ever to actively and intentionally create spaces for colleagues to talk,” she adds. “We need to make the effort to develop understanding and empathy for each other so that we can provide support during tough times.”
Show employees they’re valued
Another key ingredient to happiness at work is ensuring employees feel like their contribution matters. “Feeling like you are making a difference and are part of something provides the intrinsic motivation that makes work enjoyable,” explains O’Connor. “It is those around you who give this validation.
“Of course, this can be done via email, messenger or a praise wall, but it is most impactful during human-to-human interaction, when you’re collaborating with your team, bouncing ideas off of each other (without a time lag!) and directly seeing your purpose within the group.”
Drata’s Hilary agrees, adding: “CISOs should act as the example and cheerleader for their security team members, who are consistently under immense pressure with excessive expectations for dealing with relentless attacks and never ending identification and fixing of flaws in organisational systems.
“To build security teams that know you care and trust them, I help remind my team members that we are still human, that every organisation is on a security journey, that no organisation is “there” and, as a result, they should go at a diligent speed that is healthy and sustainable – only running as fast as they are able.”
When disaster strikes… offer support
This support is particularly important in high-stakes and stressful situations, such as those surrounding a cyber attack. Indeed, while the business impact of a cyber attack is well-documented and widely discussed, Parisa Bazl, Head of User Experience at Commvault, explains, “there is a worrying and often overlooked human element that can have serious personal consequences for those involved.
“In particular, employees targeted by cybersecurity threat actors and the cybersecurity professionals tasked with mitigating the impact of an attack.”
Data suggests that nearly two-thirds of cybersecurity incident responders seek out mental health assistance due to the demanding nature of responding to cyber attacks. Whilst another study revealed that one in seven security staff experience trauma symptoms months after an attack, with one in five considering a job change as a result.
So, what needs to change to turn this situation around?
“At the heart of this approach is building an organisational culture that actively embraces opportunities for knowledge sharing and the role of strong communication in both preventing attacks and then mitigating their subsequent impact,” Bazl urges. “This will encourage responsibility for effective cybersecurity to be shared whilst playing a supportive role in mitigating the fear and stigma victims will often experience.”
She continues, “Rather than blaming individuals for mistakes that anyone could make, from the most junior employee to the CEO, organisations should focus on learning from their experiences collectively. Without this positive cultural system in place, organisations run the very real risk that employees simply won’t report cybersecurity incidents to management, particularly out of fear of the repercussions they may face.
“In an era where employers are focusing more energy on workplace wellbeing, leaving these issues unaddressed can represent a serious shortfall in care that can lead to devastating personal consequences.”
Building a culture of care
Crucially, addressing mental health in the workplace isn’t a one time quick fix – care needs to be built into the fabric of the organisation. Lindsay Gallard, Chief People Officer at Six Degrees, discusses the company’s commitment to “continuously strive to better ourselves and our employees.
“As we often say, there is no ‘one size fits all’ approach and so, for us, flexibility is key. This involves communicating and raising awareness widely, engaging our people on a range of topics, offering a variety of support and resources, and providing space within our initiatives and working arrangements to help every individual strike the right balance. At the heart of all of this, though, is communication: encouraging openness, really listening, and creating ways forward together.”
Striking the right balance between work and personal life is something that Drata’s Hilary advocates for. He urges: “We must encourage our team members to take time out to truly disconnect from work–turning off all notifications that plague our awareness throughout the workday–when they need to, champion the rights for everyone to have a balanced life, and welcome employees to set work boundaries based on their individual and diverse needs – all without fear of discrimination, fear of missing out, and fear of not pulling their weight.”
A win-win
Happy and fulfilled employees are also the most productive, and it is bonded teams that work the most efficiently together. Prioritising employees’ mental health is not just the right thing to do, it makes good business sense.
“It is in the interest of every business leader – as an entrepreneur and a human being – to create spaces for colleagues to talk and collaborate,” said Node4’s O’Connor. And it doesn’t have to be rocket science either, she concludes. “Small steps can do big things for fostering a healthy and supportive workspace and boosting employee wellbeing.”