Mental Health and the Cybersecurity Profession
Mental health may be cybersecurity’s biggest challenge.
Globally, anxiety and depression account for 12 million missed workdays and $1 trillion in lost productivity. Dial down specifically into the tech sector and, according to a 2017 report, 46% of employees have a mental health disorder and 99% have been diagnosed with a mental health issue in the past. That was before COVID and before all the intensifying pressure of cybersecurity and compliance we see today.
It’s fair to say professionals in cybersecurity face intense stressors each day. In fact, anxiety and mood disorders, such as depression, have the highest prevalence among employees in this industry. Some of the stressors include:
- Too much pressure—Workers are shouldering the burden and fear of thwarting cyberattacks that can affect millions of people and make headlines
- A lack of progress and completion—Today’s evolving and relentless attack environment undermines the sense of job completion
- A sword hanging over their heads—Cyber professionals live with the notion that just one successful attack could end their career… and that attack could be just around the corner
- A sense of hopelessness—Even the most mission-driven professionals can fall prey to the pressures of continually being under threat of attack
As if that weren’t enough stress, the cyber workforce shortage continues to add additional pressure across the industry, making stressful jobs even more so. Simply put, when it comes to cybersecurity, asking anxious, over-stressed, burned-out employees to secure your data day in and day out creates the perfect storm for a breach, even if you have the most skilled technicians on board.
Spotting anxiety and depression in the workplace.
You may be wondering why you don’t see that much anxiety and depression going on. In a workplace environment, anxiety and depression are often masked.
- “I’m just stressed this week.”
- “Bob is in a bad mood…things must be going badly at home.”
- “No, I’m fine. I’m just a little distracted today.”
You’ll find that many don’t tip their hands at all because the stigma around mental illness. But allowing these issues to fester can lead to lost workdays, workplace errors, slower productivity, burnout and morale issues, not to mention intentionally creating the much-feared breach. With burnout rates on par—or in excess of—that of healthcare workers, cybersecurity professionals are especially at risk. So it’s important to recognize the signs so you can help yourself and others get help.
Warning Signs of Depression
- Trouble sleeping, or sleeping too much
- Feeling sad
- Loss of interest in activities previously enjoyed
- Social withdrawal
- Difficulty concentrating and making decisions
- Changes in appetite, overeating or not eating enough
- Fatigue
- Restless activity or slowed movements and speech
- Feelings of worthlessness or guilt
- Thoughts of suicide or self-harm
Warning Signs of Anxiety
- Excessive worry
- Feeling nervous, irritable or on edge
- Sense of impending danger, panic or doom
- Increased heart rate
- Breathing rapidly (hyperventilation), sweating, and/or trembling
- Feeling weak or tired
- Difficulty concentrating
- Trouble sleeping
- Gastrointestinal (GI) problems
Doing something about mental health in the workplace.
Once you know the signs, the Center for Workplace Mental Health suggests a three-pronged approach. If you see a co-worker’s appearance, behavior or performance changing over time:
- NOTICE:Take note of the behavior. If it persists for two or more weeks, move to the next step.
- TALK:Find a quiet and private place to ask a co-worker are you ok? Expressions of concern contribute to a supportive work environment. Be a good listener.
- ACT:Listening is a big help, but so is connecting a person you are concerned about with care. Remind them of workplace resources and ask them to consider talking to a healthcare professional. If you are worried about the person’s immediate safety, do not leave the person alone. Seek emergency assistance. If not, check back in with the person in a day or two to see how things are going.
Knowing the signs of mental challenge and empowering employees to talk about these issues goes a long way. The American Psychological Association also recommends other initiatives, such as taking a critical look at inclusion policies and reexamining health insurance options that offer better mental health programs.
Finding ways to make a big impact with little effort.
Over the years, SteelCloud has seen the huge impact our compliance automation solution, ConfigOS, has made among cybersecurity experts who were overwhelmed by constant STIG and CIS compliance needs. It makes cybersecurity’s most cumbersome and hated job much easier.
All it takes is one breach. As a result, having a plan for mental health can have as big an influence on your cybersecurity initiative as Zero Trust and other cyber practices. For more information, keep your eyes peeled as we post more blog articles and social media snippets this Mental Health Awareness Month on the mental health crisis in cybersecurity.
