Mental Health In Cyber Security: Building Trust By Recognizing Systemic Issues By: Monique Danao October 3, 2023 Updated October 4, 2023 Estimated reading time: 5 minutes. Brief Overview of the Cyber Security Landscape Having a mentally healthy workforce ensures every individual will be more engaged and effective in performing their roles. Yet, in high-stress fields like cyber security, this is easier said than done. Becoming a skilled cyber security specialist who can thwart online attacks seems like a glamorous profession in the movies—but the reality paints a much more complicated story. The State of Mental Health in Cyber Security, published in Tines, underscored many professionals' experiences with workplace stress and burnout. They raise challenging questions about how organizations can tackle the mental health crisis and how they can foster a healthier environment for industry professionals. How Does Cyber Security Affect Mental Health? Cyberattacks can happen at any moment. That’s exactly why cyber security professionals often work long hours and remain vigilant 24/7 to respond to unexpected incidents. Tines surveyed 1,027 security professionals from the United States and Europe to understand the state of their mental health. Researchers found 47% rated their mental health highly, but 27% claimed it declined in the past year. The constant barrage of attacks led 66% to feel constantly stressed. Furthermore, 64% claim their stress levels have increased over the past year. As new threats emerge daily, it's no surprise that many feel an emotional toll from incident response. According to Forbes, most large companies experience at least 1,000 daily security alerts. The severity level can vary from minor to critical, but oversight can lead to catastrophic consequences, including data breaches and financial losses. "People outside of cyber are shocked to understand that these invisible workers that are protecting all of society are in such a state of fragility," said Peter Coroneos, founder of Cybermindz, in an interview with Cyberscoop. Cyber security professionals face a multitude of demands in a highly stressful environment. Some work responsibilities can lead to excessive workload and burnout. Here are some examples: Rapidly Evolving Threat Landscape: The cyber threat landscape is constantly evolving, so new attack methods and techniques emerge regularly. Professionals must continuously update their knowledge and cyber security skills to mitigate threats. Irregular Hours: Cyber security incidents can happen at any time, so professionals may have to work long and odd hours. The fatigue from managing notifications, alerts and potential data breaches can disrupt work-life balance. Lack of Manpower and Resources: Many organizations face a shortage in manpower and resources. Cyberseek reports a total of 663,000 job openings in the United States alone. Due to the talent shortage, professionals have no choice but to manage large networks and systems with limited support, which leads to excessive workload and stress. Work Culture: Some workplaces may value results over well-being which deters employees from taking breaks or seeking help for mental health issues. Furthermore, others work remotely in isolation or in small security teams, which can lead to feelings of loneliness and frustration. What are Signs and Symptoms of Burnout in Cyber Security? The constant alertness can lead to burnout, which are known precursors to more serious mental health issues. Here are some signs and symptoms of burnout specific to IT and cyber security professionals: Chronic fatigue Noticeable decline in job performance (i.e. missed deadlines, common mistakes, decreased efficiency) Cynicism or detachment from work Increased irritability and mood swings Difficulty concentrating Physical symptoms (i.e. headaches, stomachaches, and muscle tension) Sleep disturbances Neglecting self-care Increased absenteeism due to illness or exhaustion Isolation and withdrawal from social interactions and professional relationships. Unhealthy coping mechanisms (i.e. excessive alcohol or substance use to alleviate workplace stress or numb emotional pain) Why Is Psychology Important in Cyber Security? That isn't to say that employees should accept digital fatigue as a part of the job description. Mental health can have a significant impact on work performance. According to Tines, 64% of respondents say their mental health impacts productivity. As a result, the mental health crisis in cyber security roles is paramount for the professionals' and organizations' well-being. In the grand scheme, organizations must understand that protecting their workers from digital fatigue is just as vital as safeguarding their digital network. Having mentally healthy workers fosters a more effective and resilient workforce capable of facing threats in the digital age. According to Tines, 57% say their workplace provides mental health support. These support systems may be Employee Assistance Programs (EAPs), on-site programming, and free subscriptions to mental health apps. Interestingly, respondents in the United States were more likely to receive mental health resources (64.2%) than those in Europe (49.1%). Done right, implementing a healthy work environment can improve employee retention rates. Harvard Business Review claims 68% of Millennials and 81% of Gen Z have left a job for mental health-related reasons. Employees who feel that their well-being is a priority are more likely to stay with the organization. In addition, mentally healthy employees are more productive and engaged at work. Building Resilience In The Digital Realm Even if employers realize mental health's importance, the industry must do more to keep the conversation going. Only half (54%) of workplaces prioritize mental health. To move the dial, organizations can try the following strategies: Cultivate Mental Health Awareness Organizations must lead the charge in fostering a culture of mental health awareness. Host workshops and educational programs that can dismantle the stigmas surrounding mental health. Beyond promoting understanding, provide managers with primary mental health training so they can handle tough conversations at work. Promote work-life balance Cyber security professionals may end up supporting other teams because of staffing and resource issues. Managers and HR teams should continuously check their workload to ensure work responsibilities are distributed evenly. Encourage employees to seek support Research shows 40% of global employees said no one in their organization asked if they were doing OK. Of this number, 38% were more likely than others to say that their mental health had declined. Encourage employees to seek support. Mandate regular one-on-one check-ins between managers and cyber security team members. These meetings provide a platform to discuss workload, challenges, and any mental health concerns that may arise. Provide training and resources for continuous learning Equip employees and managers with the training to improve their skills in the profession. A good tip is to allocate a budget specifically for cyber security training and development, which should cover course fees, materials, and certification exams. If you have employees looking to make a career shift to the cyber security industry, check out Lighthouse Labs’ ICT Boost program. In partnership with the Government of Canada, we are offering entry-level talents access to a retraining program that can help them learn in-demand digital skills through a series of events and workshops. Expert Insights Cyber security workers are the unsung heroes of the digital age, tirelessly defending our data and networks from relentless attacks. Yet, this demanding profession often comes with a hidden cost—a toll on mental health. Jason Lewkowicz, Chief Services Officer at Optiv, believes it’s important to ask co-workers how they’re doing. “Ask if there’s something you can do to make their work-life better. “If you see an individual who seems to have continued upbeat spirits, have them be a champion for your overall organization and figure out what they’re doing that’s working well.” Richard Mogg, Executive Director at Cybermindz, also believes it’s important to talk about mental health. In an interview with ADAPT, he said, “Giving people the opportunity to explain what they're going through can be of benefit. If you ask empathetic questions or ask direct questions, you can get people talking further about cybersecurity and mental health.” Ultimately, businesses that recognize mental health issues can foster a healthier workplace. By promoting mental health awareness, offering access to support networks, and implementing flexible policies— these organizations can empower cyber security professionals to thrive.