Welcome to the PsyberReslience Project, the first comprehensive and ongoing study of the prevalence and impact of stress, burnout, and mental health challenges in the cybersecurity workforce.
The more than 700,000 professionals that make up America’s cybersecurity workforce are increasingly being described as our digital first responders – a first and unflinching line of defense against an unrelenting wave of cyber-attacks against businesses, governments, and entire communities.
Attacks that the Chairman and President of IBM described as the greatest threat to every profession, every industry, every company in the world. That’s a lot of pressure, and it’s beginning to show.
Like all first responders, there’s increasing concern about the mental wellness of this workforce. Not only has cybersecurity become a very high stress and quick burnout industry, many of those working in it entered the field already burdened with mental health challenges like anxiety, depression, and PTSD.
As these mental health challenges take an increasing toll on the an already strained cybersecurity workforce, it’s time to build psyberresilience into your risk management calculations.
One of the first steps in our project is to get a better sense of how prevalent these issues really are, and we’re doing that with a simple and non-scientific survey. The online survey is completely anonymous, consists of just 20 questions, and takes an average of around 5 minutes to complete.
Please note: the survey was suspended with the arrival of Covid and the realization that with everyone’s stress levels elevated, we wouldn’t get accurate readings. However, a comprehensive psyber resilience training program for your security employees is now available.
What Do We Hope To Get?
- A better understanding of the state of mental health in the cybersecurity community, including stress, emotional burnout, and mental illness.
- What security professionals believe is creating or triggering these issues, or making them worse.
- What security professionals believe would help mitigate these dangers.
What Do We Hope To Give?
- The most comprehensive insight into the state of mental wellness in the cybersecurity workforce over time.
- A roadmap of possible improvements and solutions from the perspective of these digital first responders.
- Tools to help cybersecurity professionals cope with these challenges.
- A blueprint for employers to create programs to maximize the psyberresilience of their security workforce.
Who’s Behind The Project?
The PsyberResilience Project was created by Neal O’Farrell, one of the first generation of security professionals who has spent nearly 40 years working in cybersecurity. Which is about the same length of time that he’s wrestled with a variety of mental health issues that have walked lockstep with his security career.
In addition to the PsyberResilience Project, Neal is also leading the development of an action cluster focusing on how smart cities can help improve mental health, as part of the NIST/GCTC Smart and Secure Cities and Communities initiative. Learn more about him.
Why The Need?
A recent survey by Nominet of 800 CISOs in the U.S. and the U.K. seems to suggest that not only is stress high in the security world (at least amongst CISOs), it might be getting worse:
- The vast majority of CISOs (88%) remain moderately or tremendously stressed.
- Nearly half of CISOs, 48%, said work stress has had a detrimental impact on their mental health. That was almost twice the previous year.
- Nearly a third of CISOs, 31%, reported that their stress had impacted their physical health.
A Ponemon study found that 65% of SOC professionals say stress has caused them to think about quitting. And according to a 2019 Symantec study of nearly 3,000 security professionals, almost two thirds of cybersecurity professionals have considered quitting their jobs (64%) or leaving the industry altogether (63%) specifically because of stress and burnout.
What If We Continue To Do Nothing?
It looks like we’re already there. Early responses to the project suggest that while security professionals have been complaining about the impact of stress and burnout for nearly a decade, employers and security industry associations have largely ignored the issue.
We’re already seeing the consequences:
- More security professionals than ever before are talking about quitting the industry altogether – at a critical time when there’s no one available to replace them.
- Security professionals are also increasingly talking about growing cynicism about the mission, and how that could impact their commitment to the cause and the fight.
- Stress and burnout are known to impact judgement, attention, focus, decision making, and clarity of thinking. Those effects combined with growing frustration, disillusionment, and “checking out” could increase the risk of threats making it past these critical defenders.
- As security professionals become more vocal about the stress of the job, it could have a chilling effect on a potential new generation of security professionals.
Employers who do recognize and support the mental wellness of their security teams could use that as a recruitment advantage in stealing talent from other employers.
“Cybersecurity professionals are first responders, locked into a constant arms race with attackers – where talent and skill are the most important weapons. Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already plagued by a skills shortage, this is a significant risk to businesses.” Chris Brauer, University of London.