More than nine in 10 (91%) cybersecurity professionals have experienced mental health challenges at work during the past two years, according to research by Australian cybersecurity services company Sekuro.
The survey of 101 cybersecurity professionals analyzed how increasing cyber-threats following COVID-19 affected the mental state of those working in the sector.
Over half (51%) of respondents said their mental health struggles were caused by poor culture and/or management styles at work, while 50% attributed these problems to the high-stress nature of their job.
Other significant factors included lack of funding for security (41%) and lack of necessary skills within the team (37%). Additionally, more than a third of respondents said that ‘imposter syndrome’ contributed to their mental health issues, which the authors observed could be attributed to factors like unrealistic expectations and lack of empathy from teams about how to address challenges.
Interestingly, 28% believe their mental health suffered due to remote working, citing lack of social interactions and the blurring of work/home boundaries.
Notably, unrealistic expectations from their organization’s board/executive leadership was the biggest worry for those surveyed (44%), ahead of ransomware and malware attacks (35%) and data breaches (35%).
The findings suggest that mental health challenges could further exacerbate the cyber skills crisis. Over a third (37%) of respondents quit their jobs in cybersecurity due to these issues, with 9% changing career paths altogether.
Regarding ways to improve mental health among cybersecurity staff, the respondents said more resourcing and tools (51%), replacing management personnel who contribute to poor mental health outcomes (34%) and the opportunity for workers to give feedback to the leadership team (26%) should be the biggest priorities.
Noel Allnutt, managing director of Sekuro, commented: “Cybersecurity professionals were faced with unique responsibilities when it came to managing the technological fallouts of pandemics, wars, and accelerated digitization over the past few years.
“Tasked with an ever-evolving series of cyber-threats to combat, the industry came under intense scrutiny as high-profile breaches made executive leaders sit up and take notice of the reputational and financial threats posed by cybercrime.”
He added: “The survey results clearly show how important a cyber-aware board and leadership team can be in reducing stress amongst more junior team members. There’s a real knack to communicating cybersecurity priorities in an ‘upward’ manner to executive leaders, but there’s also a massive impetus for the leaders themselves to take genuine interest in and invest in company-wide cyber policies.”