Cyber workforce's mental health: a brighter future

As we look back on Mental Health Awareness Month, it is the ideal time to reflect on how well your organisation is doing in raising awareness of - and reducing the stigma around - mental illness and promoting healthy working environments. The cybersecurity industry has been subject to mental health challenges in high-pressure environments for decades and it's important that, collectively as an industry, cybersecurity leaders and professionals continue to work towards these goals with greater strength and cohesion. 

Cybersecurity roles typically involve high expectations, high stakes, and high stress. Day-to-day, security teams grapple with constant attacks and incoming alerts notifying teams of potential breaches and suspicious activity that each require clear, informed and rapid responses. At every turn, failure looms, the result of which could place the entire operational capacity of a company at risk. No matter your level of experience or the sector, cybersecurity is a taxing environment that naturally leads to unusual amounts of stress and, unfortunately, mental health issues.

To add fuel to the fire, unprecedented macroeconomic events have triggered surges of threat actor activity over the past few years, exacerbating issues for cybersecurity practitioners. The pandemic accelerated the trend toward remote corporate access and led many more consumers to embrace online shopping, leaving companies and private networks under strain and vulnerable to threat. Compounding issues, the war in Ukraine caused Russian-based attackers and hacktivists to ramp up cyber operations globally. After years of compromise and disruption, it’s hardly surprising that 64% of cybersecurity professionals find their work is taking a toll on their mental health, according to a recent study. 

Where do we go from here?

The first building block in any form of cultural change is raising awareness. Normalising mental health issues will ultimately create a safer space for security professionals to air concerns and admit when they are struggling, without fear of personal or professional repercussions. The benefit of creating such an environment is invaluable, allowing employees to feel less isolated in their issues and for employers to spot risks before they impact output too heavily. As many C-suite executives are unaware of the nature of security roles, change must come from the top. I urge CIOs and CISOs, and other senior decision makers in cybersecurity, to educate their fellow executives and advocate for their security teams, reducing the barriers to engagement and awareness.

Confronting mental health challenges in the cybersecurity industry also requires employers to improve or implement safeguards for staff. Once the level of everyday pressure and subsequent stresses are recognised by the C-suite, a tangible, accessible support system must be put in place to prevent spikes in mental health challenges. Stigma can be rapidly reduced by increasing positive, inclusive messaging, providing regular workload reviews, responding to employee feedback and setting aside budget for one-to-one and group support programmes. Ideally, support programmes would not take too much time away from work so as to not induce a stress response in itself.

A well rounded support programme should equip staff with everyday tools they can rely upon when work stress begins to peak, helping to reduce pain points before they become a problem. Stress management and relief varies from person to person, so there is value in demonstrating a range of activities to your workforce. Popular coping tools include walking in nature, mindfulness meditation, spending time with friends, daily reflections and a good sleep schedule, all allowing people to reset in some small way before the new workday begins.

Stress and burnout significantly impairs work ability, so promoting a good mental health culture in the workplace benefits both employees and the businesses themselves. By improving mental wellbeing, the cybersecurity industry can benefit from reduced staff churn, more effective decision making and, most importantly, happier and healthier staff. Cybersecurity professionals are then more able to do what they do best, improving the security posture of an organisation and leading to a safer ecosystem for all.