Most organizations, across almost every industry, have been forced to build extensive digital components into their everyday operations so they can function efficiently. With this shift, cybersecurity awareness is permeating every business department, and as malicious activity skyrockets, the role of security teams is becoming even more prominent across business functions.
In 2021, businesses suffered 50% more cyberattack attempts per week, and within this environment, 51% of those currently working in cybersecurity have experienced extreme stress or burnout. This stress is only further complicated by the widening skills gap, with more than 400,000 job openings all requesting cybersecurity-related skills. Now more than ever, it is critical that organizations address the issue of burnout among cyber employees before the talent pool dries up.
As a CSO, I understand the struggles that come with being in a security role. There is rarely a time in which it’s possible to separate oneself from the job. Most security practitioners will spend most of their waking hours—and sometimes their sleeping hours as well—thinking about their organization’s technology, the bad actors, and what new threats they could be facing tomorrow. These all-consuming stressors leave individuals very little room for self-care and, unfortunately, employers can also lack the infrastructure required to support employees who are struggling with burnout and mental health challenges.
If employees continue to feel unsupported in their roles and overtaken by negative emotions, they are much more likely to leave their jobs. The most effective way for organizations to mitigate this level of burnout is to thoroughly understand the pressure security practitioners are under, then take effective actions.
Encouraging high-level conversations
Many security professionals don’t feel comfortable admitting that they are struggling with their mental health because the threat of personal and professional repercussions can be daunting. Therefore, those senior leaders who are unafraid to speak out should take ownership of educating executive teams and bringing these critical conversations to the top. With that said, the elevation of such conversations should not stop at the organization’s C-suite but continue all the way to its executive board.
Not only is the board responsible for governing the company’s cybersecurity risk and strategy, but it is also the first stop for decision-making that can have an impact on the overall health of an organization (from hiring practices to day-to-day operations). These decisions should always promote a “psychologically safe” environment for the organization’s employees and prospective talent, meaning the organization fosters an environment that feels comfortable and supportive.
Building such an environment cannot happen unless there are advocates willing to speak about the mental health issues their teams may be facing, including the increased pressure on cybersecurity professionals. Ultimately, ensuring security practitioners feel supported and empowered while doing their jobs falls on an organization’s leadership. Otherwise, they risk losing key talent that is crucial to protecting the entire organization and its data against the next cyberattack.
Promoting individual empowerment
If security teams are going to function effectively and contribute to long-term business success, the mental health crisis permeating the cybersecurity industry must be addressed from all sides. While board-level discussions need to happen for effective changes to be made, security teams must also be encouraged by their direct leads to improve their work-life balance at an individual level. While organizations can invest in programs