Are cyber professionals as good at protecting their mental health as their IT environments? In this Expert Insight by Thomas Kinsella, COO of Tines, talks about the worrying mental health statistics in cyber and how to protect your team.
Got an executive, researcher or subject matter expert with smart ideas to share? Contact us!
Are cybersecurity professionals protecting their mental health as much as they’re protecting their organization?
Security professionals are tasked with keeping their organizations safe from malicious actors that could cause irreparable harm. But are they keeping their own mental health safe, and fighting as hard to protect themselves against the impacts of stress, anxiety, and overwhelm?
There’s a mental health crisis looming in cybersecurity. Last month was Mental Health Awareness Month, but the need to reignite the conversation about the concerning state of mental health in cybersecurity is ongoing. Fortunately, there are steps we can take to increase good mental health and wellness in our industry.
The State of Mental Health in Cybersecurity
How are security professionals managing their mental health? Our new report on the “State of Mental Health in Cybersecurity” uncovered these four insights that should influence the conversation on mental health in the cybersecurity industry today.
Only 67% rank their mental health as excellent, very good, or good.
How do those in cybersecurity rate their own mental health? 26% say the state of their mental health is excellent, 21% say it’s very good, and 20% rank it as good. These numbers may seem on the low side — and they are, when held up against Gallup’s yearly survey around mental health.
Compared to Gallup’s finding that 81% of US adults rank their mental health as excellent or good, only 67% of cybersecurity professionals rank their mental health as the same, according to our report — much lower than what could be called the standard (and 81% is still a 21-year low). Additionally, the fact that 17% of security professionals — nearly one out of every five — ranked their mental health as poor should prompt leaders to take action to ensure that their team members have the help they need.
Gallup finds that 81% of US adults rank their mental health as excellent or good. Only 67% of cybersecurity professionals rank their mental health as the same.Tines “State of Mental Health in Cybersecurity”
27% say their mental health has declined over the past year.
One out of every four security professionals reported that their mental health has gotten worse. Due to the pandemic and its effects, there’s a widespread decline in mental health worldwide, with the WHO reporting a 25% increase in anxiety and depression due to the pandemic. This, of course, is likely impacting that decline.
But the pandemic and its effects also caused some unique impacts to security teams that can’t be overlooked as a factor in declining mental health. The move to remote work not only increased the complexities for security teams, but exposed their organizations to new vulnerabilities and attacks. Illness, burnout, and the ongoing Great Resignation are also leaving security teams understaffed and overworked.
Stress levels are already high — and rising.
Cybersecurity is a stressful profession. Organizations have seen a 125% increase in cyberattacks from 2020 to 2021, and malicious actors are becoming more sophisticated in their tactics and techniques. Additionally, security teams are often undercut by inefficient processes and procedures. So it’s no surprise that 66% of security professionals experience some level of stress at work, and 63% say their stress levels have risen over the past year — but it shouldn’t be acceptable. Security teams shouldn’t just watch the tide of stress rise without taking action, and nor should they be expected to wear stress like badges of honor.
Mental health is affecting productivity, and work affects mental health.
Poor, mismanaged, or scattered mental health will always affect concentration and productivity, and two-thirds of security professionals said that their mental health affects their ability to get their work done. But mental health, productivity, and stress are all connected in a vicious cycle, and 64% also said that their work stress, frustrations, workplace dynamics, and other factors impact their mental health as well.
Approaches to Improving Mental Health and Wellness
How can the cybersecurity industry increase the number of security professionals who rank their mental health as “excellent”? Here are a few paths forward.
Normalize the conversation around mental health
Harvard Business Review found that the organizational approach most desired by employees is a more open culture around mental health. Normalize the conversation around mental health and wellness by talking about resources, the way work impacts mental health, mental health days, and other topics. Letting employees know it’s Ok to talk about their mental health concerns takes away the stigma of asking for help, and can improve overall health, happiness, productivity, and engagement.
Reduce stress where you can
Stress levels are high and rising, but shouldn’t be left unaddressed if they’re truly affecting your workers. Security leaders can start by seeking out what’s causing team stress. Do they feel frustrated by repetitive, mundane tasks? Are inefficient policies and procedures causing more roadblocks than necessary? Are outdated tools causing more work? Understanding what’s upsetting your team and putting new policies and practices in place can help slash stress and anxiety.
But security leaders don’t have the ability to eliminate work-related stress completely. That’s when it becomes important to encourage individuals to gain the tools they need to manage their own stress through approaches like meditation, exercise, and other wellness activities.
Tell your team to take time off
Perfect attendance is nothing to applaud if your mental health is affected. Another key thing organizations can do is to tell people to take time off. That may involve changing your message to be clear that the job is simply a job, and that security isn’t everything. Taking your PTO, and forcing your team to take their PTO, is not only a way of reducing stress and forcing perspective. It may also give insight into the fact that the work and processes are being held together by one very stressed individual.
Increase resiliency by providing support
Our report uncovered a number of security professionals who reported high levels of stress at work yet who said it didn’t impact their mental health or their productivity. The reason for this is likely that those individuals have practices and tools in place to mitigate their stress, like therapy, a healthy work/life balance, exercise and healthy eating, or a meditation, journaling, or gratitude practice.
That’s why it’s important for workplaces to provide support, resources, and benefits to their employees as well. Offer an Employee Assistance Program (EAP) and stress management training. Give employees the option of using mental health days or having a more flexible schedule. Provide employees with wellness allowances or free access to meditation apps, gym memberships, yoga classes, etc.
Continuing the Conversation
The looming crisis doesn’t have to have to hit your team, if you make sure that your security team members are being taken care of and are taking care of themselves. Mental Health Awareness month is behind us, but we need to keep the conversation going about mental health in cybersecurity — and keep talking about it, and keep talking about it.
(*) Disclosure: This article was sponsored by Tines. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.