Does Working in Cybersecurity Pose Risks to Mental Health?

Working in cybersecurity is stressful. You’re responsible for protecting businesses from cyberattacks which can put their profits and reputation at risk. So it’s unsurprising that working in cybersecurity poses problems for staff mental health.

A huge 91% of cybersecurity professionals report feeling stressed in their role — and almost half of these said their work-related stress levels have increased over the last year. 45% have even considered quitting their jobs due to stress.

On the week of World Mental Health Day, find out how your cybersecurity career can impact your mental health, and how you, your colleagues, and your employer can make sure everyone is happy and healthy at work.

Stress and burnout: why are cybersecurity workers at risk?

Cybersecurity staff report that the three most stressful factors of their work are:

• The impossibility of stopping every threat
• The expectation to be constantly on call
• Not having enough security operations staff.

Lisa Ventura, the founder of Cybersecurity Unity, agrees that pressure to perform is one of the biggest causes of burnout. In a recent edition of our Cybersecurity Sessions podcast, she said, “CISOs in particular have a challenge because they need to be online 24/7. They’re under significant pressure to deliver and be on-hand to stop attacks.

“And it isn’t just CISOs. Cyber professionals across the board can be affected. Cyber in particular does have a stress and burnout problem. As a result, it also has a retention problem, with many leaving the industry because of the immense stress and pressure they’re under in their roles.”

The cybersecurity skills shortage means there are fewer staff to replace those who are leaving the industry, increasing the burden on your remaining employees. Our principal security researcher Cyril Noel-Tagoe says, “It becomes a vicious cycle. You’ve got skills gaps, but then you’ve also got people leaving the industry due to stress, which means the people that are still there inherit their workload. Then the stress continues.”

Some people thrive in these pressurized conditions — but they still need business support and the right working conditions to remain healthy, focused, and productive at work.

Remote work: is it good or bad for your mental health?

The shift to remote work since 2020 has had a complex impact on staff mental health. Some researchers suggest remote working reduces stress, while others have found 29% of people feel that working from home is bad for their health and wellbeing.

“I’ve seen a lot of people feeling isolated because of the move to working from home,” says Lisa. “So I’m a big advocate of finding the right way that works for the individual. Some individuals absolutely thrive on being in the office five days a week. Some need to be remote-based full time. Others might prefer that hybrid mix.

“It’s all about empowering individuals to make those choices, and making sure they’re supported by their employers.”

Many cybersecurity staff can now work from home, and those that work for companies where there isn’t a formal policy in place still have the legal right to request flexible working. Your employer must consider your request, so talk to your manager if you want to work remotely some or all of the time.

Is workplace bullying a problem in the cybersecurity sector?

Bullying is usually seen as a problem for teenagers and younger people. But in certain workplace environments it does still occur.

“I do see that bullying is absolutely prevalent in cybersecurity, both on social media and in the workplace,” says Lisa. “I’ve been at a few different organizations where I’ve had this happen to me. I’ve also seen the most awful abuse and Twitter pile-ons.”

Lisa observed an increase in bullying tactics following the shift to remote working. “I found that with the move to platforms such as Teams and Zoom, bullying and abuse increased on those channels. It’s almost like people feel they have a license to say what they want because they’re at the end of a keyboard and there are no ramifications.”

Workplace bullying leads to stress, illness, poor performance, absenteeism — and more bullying. It’s more likely to happen in workplaces where there’s higher strain, team conflict, and less effective organizational strategies — so if your cybersecurity department is affected by any of these, it could exacerbate an already-stressful environment.

“It can be really soul-destroying,” Lisa adds, “especially if it’s done in a really public way. It’s a huge problem. Sometimes, even if you raise it, things aren’t followed through properly, or the individuals concerned aren’t fully dealt with, or it’s brushed under the carpet. In those cases, you do feel you have no choice but to find something else and leave. And it’s far better to leave a toxic environment than it is to stay in it and have it affect your mental health.”

How to promote good mental health for cybersecurity staff

It’s not always easy to prioritize your mental health when you’re under pressure at work. But everyone can take steps to protect their own mental health, help their colleagues, and make sure the workplace is safe and supportive for everyone.

Take a break from social media

“On social media, people find this voice where they almost feel like there’s no one on the other side of the screen,” Cyril says. “In our work, [actors on forums] can be very intense in how they talk about us as security researchers. I know I can avoid that, but for other people, it’s constant wherever they go online.”

Social media can feel like an onslaught of negativity — so if it’s getting you down, take a step back. Even if you need to spend time online at work, consider taking a break from it in your personal life to get some distance.

Think before you post

Online messages or posts can be interpreted in different ways, even if they’re not intended to be hurtful. “You might be having a bad day, and that spills out into what you’re about to post,” Lisa says. “If you’re hovering over the keyboard, I would urge you to stop for 30 seconds and think: how would I feel if I received what I’m about to say?

“Just try to put yourself in the shoes of the other person that you’re about to send that message to.”

Check in with your colleagues

Even if you’re feeling OK, the pressure may be getting to your co-workers. “Check in with your colleagues,” says Lisa. “Ask if they’re OK, if there’s anything they need support with, or just lend a listening ear.”

Not everyone will be immediately open about their feelings or mental health. The important thing is to show empathy, invite conversations, and ensure your colleagues know you’ll be there if they need to talk. Businesses can appoint mental health champions to show you’re serious about staff support.

Introduce wellbeing programs

Many businesses have introduced wellbeing programs for their staff. Employee Assistance Programs offer all kinds of support, from counseling to fitness incentives to coping strategies.

“These wellbeing programs are so important for supporting not just cybersecurity professionals, but all employees within the workplace,” says Lisa. Better staff wellbeing can improve employee retention and productivity — so both businesses and staff benefit from this investment.

Look for external support

Seek support outside the workplace. Organizations like Thrive provide coaching and assistance for people who want to improve their own mental health, and help others.

Support is available for companies who want to make cultural changes that promote mental health, too. “Respect In Security encourages organizations to take a pledge and follow a code of conduct against bullying and abuse in their organizations,” Lisa says. “They do some amazing work, and I’d love to see that amplified as more organizations get on board with it.”

Take it seriously

“If somebody reports an incident, investigate and talk to the individual concerned,” advises Lisa. “Have some really strong policies in place against workplace bullying and abuse. If you do receive a complaint, try not to brush it under the carpet. Try to act on it and get some proper safeguards in place so that everybody feels safe in the workplace.”

Business leaders can also take preemptive measures to support their cybersecurity staff. Learning about cybersecurity threats helps manage your own expectations of your team if an attack happens. Start with our cybersecurity knowledge base.

Invest in cybersecurity

Make sure staff have the budget and resources they need to adequately protect your business. You may need to hire or upskill staff to share the workload and responsibility more evenly. More than half of cybersecurity personnel also believe more automation is needed to improve security ops, so invest in accurate cybersecurity software to take some of the pressure off your team.

Learn more about how Netacea detects and prevents automated attacks using machine learning.