According to a survey from security firm Nominet, 88% of Chief Information Security Officers (CISOs) reported feeling “moderately or tremendously stressed. This is a worrying statistic in a high demand job where talent and skill are more important than ever to keep organisations safe and out of the cyber firing line.
Organisations remain as vulnerable as their security team.
If we don’t change our attitude towards the mental health of IT security professionals, how can we expect them to deliver to full capacity?
Mental health is an ongoing problem for many working professionals, however there’s no denying that cybersecurity roles come with their own unique challenges which can exacerbate the chances of stress and burnout.
Information Security Director Quentyn Taylor said, “cyber threats can happen at any given time, and when an incident occurs, cybersecurity professionals are expected to be ‘on’. It’s not uncommon during incidents for cybersecurity professionals to book ‘sleep time’ in their calendars to ensure they get enough rest.”
This constant need for IT security teams to be on stand-by 24/7, on the edge of a disaster that can strike at any given time, is a prime source of stress. Whilst it may start out small, as a low-level anxiety, it can lead to further damage over time.
Security professional Jay Radcliffe has struggled with depression and has opened up about knowing several people in the cybersecurity community who have taken their own lives. Whilst mental health issues are clearly prevalent, they’re often unaddressed. Organisations are focusing on the obvious ramifications of cyber-attacks, such as ransom payments, but ignoring the very real and pressing issues that affect those working to mitigate it.
With the ever-increasing skills shortage and the pressure of overworked individuals who remain at the mercy of their organisation, mental health will only become more significant. With almost one in five reporting that each person is doing the workload of three, security leaders are working more hours than ever, and mental health support is not keeping up.
We’ve interviewed Talion analysts to hear their personal experiences with fighting the pressures of working in a security team, alongside their positive takeaways:
“Gaining exposure to diverse environments, embracing new challenges, and not having two days the same is excellent and engaging. However, some elements do trigger stress and bad moods.
I’ve lost sleep dwelling on whether I reached the correct decisions during security investigations, and I’ve questioned my ability as an analyst if I spend too much time handling alerts. Not participating in everyone else’s “everyday world” whilst trying to maintain a night shift schedule sometimes makes me question whether shift work is worth it.” – Tom Singh, Talion Security Analyst
“I’m a rather anti-social person myself, not very outgoing and a bit of a night owl who normally stays up till 2-3am, so I took this role thinking shift work wouldn’t affect me as much as some. However, when booking sessions in at the gym, haircuts etc. it’s a bit of a chore working out when I’m going to be free, when I will wake, and how much I can fit into a day before the shops close. Due to the restriction on time, it’s effectively halved my week as I now only do the aforementioned on my days off, whereas if I worked a normal 9-5 job, I could easily fit some things in after work, but when working 7pm – 7am and sleeping in till 2-3pm, it’s very hard.” – Anonymous, Talion Security Analyst
“I absolutely love working as a security analyst. Not only does the high-pressure work keep me engaged, but it also gives me a sense of responsibility and pride knowing I’m helping companies prevent potentially catastrophic cyber-attacks/incidents.” – Angus Glassford, Talion Security Analyst
“I’ve worked in cyber now for roughly 5 years and I can honestly say I enjoy it. The only thing that can be an issue would be the childcare – working 12-hour shifts can be a pain to work around and causes a lot of stress, especially when there is no ability to work from home, but the 3 days off a week makes up for it.” – Anonymous, Talion Security Analyst
When addressing mental health, security researchers argue that cybersecurity professionals and criminal hackers differ primarily due to their state of mind. They perform similar tasks, such as manipulating their target – the only difference is the goal and what they choose to do with them.
Empathy plays a huge role in determining the good versus the bad, and what if the practice of empathy could be supported through an organisation’s desire to boost mental health?
If security teams are looked after, they’re less likely to fall into states of stress, which in turn could prevent erratic urges, such as paying a ransom without consulting leadership or revenge hacking. In extreme circumstances, it could prevent security professionals from “going over to the dark side” to utilise those same skills they used to protect a company but for a detrimental cause – executing a cyber-attack instead.
Supporting mental health not only fuels a team’s best work but keeps them in alignment with their core values, which only maximises sufficient protection for the organisation itself.
CISOs were willing to give up $9,642 per year to reduce stress levels and improve their work-life balance. That’s how detrimental mental health currently is to IT security teams across the globe – salary is no longer as important when health is on the line.
Whilst we can’t instantly offer security individuals the downtime they need to refresh, and we certainly can’t change the way cyber-attackers strike, we can change our attitude towards mental health and encourage others to speak up and ask for help.
For cybersecurity professionals struggling with stress, work/life balance or mental health, there are plenty of resources and helplines that can provide immediate help.
Learn about our partner DEVO’s SOC Analyst Appreciation Day here – an annual global event that pays some long-overdue kudos to SOC analysts who are too often overworked and underappreciated.
Call us directly and we’ll put you in touch with the most relevant cyber expert.
Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.
Thought-provoking cyber security discussion at Michelin-star restaurants across the UK.
