Cybersecurity Industry's Greatest Vulnerability- The Mental Health Crisis
On this week's edition of Cyber Friday, I am going to cover a topic that is serious and needs more attention and awareness, and that is the current mental health crisis in the cybersecurity industry.
Now, if you've been reading my newsletters, you know I like to keep things mostly lighthearted, with dashes of educational bits here and pinches of editorial dialogue there...
...and I use old memes sometimes. Sue me.
But today's topic does deserve a more dignified tone, so I will try my best to approach it with care.
At a glance, cybersecurity professionals might be seen as left-brained, logical, analytical individuals. They spend their time sitting behind a computer screen displaying thousands of data points, logs, and monitoring tools to make sure their company's information systems are operating as they should and nobody gets hacked.
The truth is, the job is NOT that simple. In fact, cybersecurity professionals have far more on their grocery list of to-do's beyond simply not letting hackers attack. And even so, not letting hackers attack can sometimes mean rigorous triaging, incident response, and constant threat assessment; their work can range from being "on standby" to being catapulted into extremely high-stress situations in a matter of moments.
And most people don't ever see them.
Journalist Tonya Riley covered this exact topic in her Cyberscoop article this week, where she conducted research to quantify just how severe the mental burnout has become in the industry. Notably, in a 2022 survey with 1,000+ security professionals, Riley offered that:
Of course, on a much larger scale, mental health has been a global problem and a growing concern for years. And the awareness of the mental health crisis over the past few years [on social media, television, personal testimonies, etc.,] has carved a path towards a shifting cultural value set that prioritizes mental health instead of stigmatizing it.
However, cybersecurity professionals often do not feel like adequate mental health resources are available to them. In fact, experts from Australian nonprofit Cybermindz and the University of Adelaide students found very similar burnout rates between cybersecurity workers and frontline healthcare workers. Comparing the two - especially considering COVID-19 and its impact on healthcare workers- speaks volumes about how overworked both of these groups can become, whether the pandemic in question is health-based or cyber-based.
领英推荐
In addition, Peter Coroneos, founder of Cybermindz highlighted the impact that cyber workers' burnout could have on the larger population - as they are the invisible backbone to critical infrastructures (water, energy, food, financial services) in our world.
"The pandemic, floods and bushfires have shown us the systems we rely upon are not to be taken for granted. Cyberattacks are a daily occurrence and, unlike natural disasters, there is no conceivable endpoint in sight." -Peter Coroneos, Cybermindz Founder
So, what is the solution to this crisis? How do we offer help to cybersecurity professionals?
Well, as I mentioned before, the job itself will inevitably cause stress; the nature of working in the security industry means long hours, problem-solving, optimization, damage control, and high-volume, restless logical thinking.
While I would like to suggest more funding and resources as a remedy, which would allow for more access to mental health benefits programs for more people, I think that is only a start to facing a much more nuanced issue.
Specifically, I believe the root of this mental burnout stems from a cultural and systemic problem; the cybersecurity industry is technological, but at its heart lies human beings managing that technology.
And when you think of technology, you probably think of the incredible pace at which it moves, constantly evolving and being innovated so that today's solution is already a few minutes too stale against tomorrow's.
Pairing that very concept with the people behind the tech breeds an association between tech experts and the tech itself that forces the former to move just as fast as the latter. We must learn how to slow down as people without actually slowing down in performance. We must care for people because they are people, understanding that they are emotionally responsive to stress. The human brain should not be mistaken for a computer processor.
As we move into another jubilant weekend, let's take the time to think about and show gratitude for those who will work while we play. If your colleague is a cybersecurity worker, check on them. Even if they aren't, check on them.
Until next Friday. Signing off.