Unsustainable pressures are being placed on cyber leaders and professionals’ mental health because of a combination of factors, such as the growing attack surface, increasing cybersecurity and data regulations and the ongoing skills shortage.
“The environment is particularly harsh. I’m really concerned for leaders in this industry – they’re suffering big time,” Jane Frankland, author and founder of KnewStart and the IN Security Movement, told Infosecurity.
“Right now, we’re risking an exodus of leaders in this industry due to the environment, as well as a lower quality of work being produced,” she added.
A number of surveys back up this sentiment. In 2022, a study by Vectra AI found that half of UK cybersecurity chiefs are feeling burnt out and are thinking of resigning due to the immense pressure they’re under.
It is a scenario the industry cannot afford to let take hold, particularly given the sector’s enormous skills shortage.
Against this backdrop, a paper titled Mental Health in Cyber Security was published in May. Authored by three leading security professionals, the document reviews the current research landscape and industry practices in this area and sets out a range of suggested actions.
Speaking to Infosecurity, Sarb Sembhi, CTO at Virtually Informed Limited, explained: “Basically, the paper is a discussion document, we want more discussion.” He hopes this will ultimately lead to collective action among industry stakeholders that starts to mitigate this brewing crisis in the cybersecurity industry.
The changes set out in the document revolve around five stakeholders: research/academia, governments, professional and certifying bodies, enterprises and cybersecurity professionals.
Sembhi’s fellow authors include Peter Olivier, head of security delivery, Admiral Group and Paul Simms, director of cyber security & compliance, Lumanity.
Promoting in-Depth Research
The paper cites a number of studies highlighting disturbing issues regarding mental health in cybersecurity. This includes the Nominet report Life Inside the Perimeter – Understanding the Modern CISO, which found that 91% of CISOs suffer moderate or high stress, while 17% are either medicating or using alcohol to deal with job stress.
While such research is important, Sembhi and his co-authors recognized that these types of studies do not attract sufficient attention from industry groups and governments. “We found that much of the research could be construed as anecdotal or not rigorous enough, because all these surveys are done by people who want to express an opinion,” he noted.
Therefore, the discussion paper emphasized the urgent need for independent research to be carried out into the state of mental health in cybersecurity and its consequences, alongside practical recommendations for improvement.
Government and Industry Association Actions
Sembhi believes that such insights will ensure industry bodies place a much greater emphasis on mental health in cybersecurity, which will subsequently lead to government agencies, like the UK’s National Cyber Security Centre (NCSC), also focusing on the problem.
“The aim is to get the industry bodies to take it on because if they act collectively, the chances are the government will listen,” he outlined.