Your Brain on Ransomware

The stakes are high. The enemy is relentless, the weapons sophisticated, and the threat landscape is ever-expanding. This is the reality facing cybersecurity practitioners today. And it is taking its toll on these battered, frontline cyber defenders.

A recent survey of CISOs from mid-size and large companies in Europe and the U.S. provided some insight into the mental health challenges of the job. According to the Survey:

  • 74% of CISOs said that team members had quit over the most recent twelve months due to stress on the job. In 47% of the cases, this has happened more than once.
  • 66% of CISOs admit that their stress levels impact their ability to adequately protect the organization.
  • 77% of CISOs say that their work stress is directly impacting their physical health as well as their mental health, including negatively affecting their nutrition and sleep.

These are disturbing findings and are a clear indication that a mental health crisis is brewing.

Fortunately, the industry is taking notice. For example, in San Francisco this past April, taking place alongside the RSA Conference 2023, was the first-ever Mental Health in Cybersecurity Leadership Summit. According to the event’s formal announcement, the Summit’s purpose was to “bring together industry leaders, mental health experts, and cybersecurity professionals to discuss the importance of mental wellness in the cybersecurity field.” Notably, no less an industry luminary than Jen Easterly, the Director of CISA, gave her imprimatur to the conference by offering an online invitation and strong encouragement to cybersecurity leaders and professionals to attend.

There are practical solutions to address the mental health challenges of working in cybersecurity. In the Survey cited above, every CISO admitted that they needed substantial additional resources to cope with current IT security challenges. Other stress relievers identified by this group included better or more automated tools (45%), better training (41%), and outsourcing some responsibilities (40%). Fortunately, there is an increasing number of firms with product sets designed to address these and other operational stressors plaguing the cybersecurity workplace.

In addition to services provided by the general mental health community, there are firms focused specifically on improving the mental well-being of cybersecurity professionals. Cybermindz, the primary sponsor of the Mental Health in Cybersecurity Summit, is a good example. The Australian company has developed a special meditative process or protocol specifically to reduce stress and rebuild the emotional and cognitive health of anxious or burned-out cybersecurity workers. Indeed, one of the purposes of the recent summit was to introduce Cybermindz’s technology to an American audience.

The mental health challenges facing cybersecurity practitioners are not going away. Leaders of the organizations that rely on the skills and commitment of cybersecurity experts to keep their data secure must raise their awareness of the problem and proactively implement solutions. Cybersecurity providers themselves may also become more engaged in addressing the mental health challenges of their clients in addition to solving the practical and operational challenges of cyber professionals.