We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
We must address the significant burnout that is happening within the cybersecurity industry, particularly now, during Mental Health Awareness Month. There are currently 400,000 job openings requesting cybersecurity-related skills, meaning current teams are overworked and understaffed. In fact, 51% of cybersecurity professionals experience extreme stress or burnout in their current positions, which is no surprise when businesses suffered 50% more cyberattack attempts per week in 2021 alone.
It’s time to start a conversation about what these findings mean for the future of cybersecurity, taking the time to speak openly and honestly about traditionally “taboo” issues and the lasting impact such stress will have on this workforce. The cybersecurity industry – and society at large – cannot afford a further expansion of the ongoing talent shortage, especially as the threat environment continues to expand.
Analyze unique industry needs
Cybersecurity is a necessary component for nearly all industries, including finance, education, healthcare and the federal government. The stress on each will also differ, meaning there may be unique solutions that work for some, and not as well for others. It’s important for leaders in each space to analyze the sources of overwhelming stress and come up with a distinctive action plan for their own specific cyber workforces.
For example, security professionals in the healthcare industry are just as burned out, if not more so, than others. The pandemic rushed digital transformation, and an onslaught of threats, data breaches and ransomware attacks pushed already strapped security teams over the limit. Alongside such pressures from this global health crisis, the enormous increase in data due to the acceleration of new telehealth and testing services has meant more risk for the entire industry. In response, health facilities require the support of larger, better-equipped teams, including data security experts, when patient safety/privacy continues to be threatened.
Keeping this in mind, addressing the mental health of those working in the healthcare cyberspace might require a wider expansion of multiple teams, and not just the security team, in order to effectively reduce mental burnout across the organization. The healthcare industry may also benefit from more automation and cloud strategies, given the increased amount of legacy systems still depended on, increasing the work and stress of those cyber professionals who must continue to work with such technology.
Establish support from the top
Regardless of the industry, a company’s board is responsible for governing risk and strategy. Because there’s not enough talent to meet current cybersecurity needs or future ones, employees are feeling burnt out, and therefore more likely to give their notice, leaving the organization in an even more vulnerable state. This not only elevates the conversation but places it as a top priority for the executive team and boards.
Leaders across the organization must empower individuals to take their mental health in their own hands and do what works best for them without any judgment or risk of consequence. This means that when their cybersecurity employees are feeling overwhelmed, organizations must allow them to take a break in order to detach, regroup and focus on their health, and this can look different for everyone.
For example, I journal every evening to “bookend” my day by reviewing my actions for that day and identifying areas for improvement. Once the thoughts are on paper, they’re out of my mind and I can move on. Such exercises must be suggested, championed and prioritized among cybersecurity professionals, and the support to do so must come from their own managers, leaders and mentors.
Improve hiring practices
We’ve reached a place with remote work where flexibility has become key. Remote work and the ability to hire from anywhere, regardless of proximity to a physical office, has benefited the talent pool, but there’s a long way to go. Rethinking job descriptions to be more inclusive and focused on core requirements may open the door to nontraditional cybersecurity candidates. This also means emphasizing the availability of training, mentorships and resources to help support individual expertise and career growth within the security field. Mental health resources are a powerful recruiting tool.
In turn, applicants for cybersecurity positions must also ensure the company prioritizes culture and people first. While it’s the responsibility of the company and individual managers to ensure a healthy, “psychologically safe” environment where employees feel comfortable being themselves, new employees must be empowered to take a protective stance on their own work/life balance. Evidence that the company prioritizes this should come through in the job description, and if not, applicants should follow up to learn more about the company culture.
Expand cyber education
There is also a need for a greater sense of responsibility from both organizations and current cybersecurity experts to better educate young professionals about security careers. When thinking of a cyber profession, many young minds imagine a black hat hacker and the pressures that come with such a role, but that’s not the end-all, be-all of this career. From chief security officers to enterprise security architects, policymakers, communicators and educators, the industry is filled with roles that require security-related skills, but we’re not doing enough to advocate and educate young professionals on those career paths.
This education should not just entail the rewarding aspects of a cybersecurity profession, but should also shed light on the challenging, stressful and overwhelming moments that all cyber employees at one point will encounter. Balancing both sides through any educational experience will ensure that future cybersecurity employees are better prepared for what security careers can offer, and can begin prioritizing mental health from the beginning, before experiencing the burnout so many cyber professionals are going through now.
While May is designated as Mental Health Awareness Month, it goes without saying that the burnout currently being experienced in the cybersecurity industry needs attention all year long. We are at a pivotal moment in time among the adaptation of flexible work practices and the rapid implementation of digital transformation and modernization efforts. Fortunately, this creates timely and valuable opportunities for leaders across industries to begin putting the mental health of their current and future cyber professionals first. This will ultimately lead to more loyal employees, rested and prepared to fight against the next cyber threat.
Shamla Naidoo is CSO and head of cloud strategy at Netskope.