Welcome to the PsyberReslience Project, the first comprehensive and ongoing effort to address the prevalence and impact of stress, burnout, and mental health challenges in the cybersecurity workforce.
The more than 700,000 professionals that make up America’s cybersecurity workforce are increasingly being described as our digital first responders – a first and unflinching line of defense against an unrelenting wave of cyber-attacks against businesses, governments, and entire communities.
Attacks that the Chairman and President of IBM described as the greatest threat to every profession, every industry, every company in the world. That’s a lot of pressure, and it’s beginning to show.
Like all first responders, there’s increasing concern about the mental wellness of this workforce. Not only has cybersecurity become a very high stress and quick burnout industry, many of those working in it entered the field already burdened with mental health challenges like anxiety, depression, and PTSD.
As these mental health challenges take an increasing toll on the an already strained cybersecurity workforce, it’s time to build PsyberResilience into your risk management calculations.
The Original Survey
The PsyberResilience Project began as a survey in early 2020, to get a clear picture of the prevalence and extent of stress and burnout on security professionals.
The survey was suspended with the arrival of Covid and the realization that with everyone’s stress levels elevated, we wouldn’t get accurate readings. However, the project continues to push forward to help security professionals protect their mental wellness and help organizations maintain their psyberresilience.
What Do We Hope To Deliver?
- A greater understanding of the impact of stress and burnout on security professionals, and how that needs to be managed in order to protect them and their workplace.
- A roadmap of possible improvements and solutions from the perspective of these digital first responders.
- Tools to help cybersecurity professionals cope with these challenges.
- A blueprint for employers to create programs to maximize the PsyberResilience of their security workforce.
- An ongoing series of video interviews with security professionals and mental health experts specifically focused on stress in security.
Who’s Behind The Project?
The PsyberResilience Project was created by Neal O’Farrell, one of the first generation of security professionals who has spent nearly 40 years working in cybersecurity. Which is about the same length of time that he’s wrestled with a variety of mental health issues that have walked lockstep with his security career.
In addition to the PsyberResilience Project, Neal is also leading the development of an action cluster focusing on how smart cities can help improve mental health, as part of the NIST/GCTC Smart and Secure Cities and Communities initiative. Learn more about him.
Why The Need?
A Ponemon study found that 65% of SOC professionals say stress has caused them to think about quitting.
A 2019 Symantec study of nearly 3,000 security professionals found that almost two thirds of cybersecurity professionals have considered quitting their jobs or leaving the industry altogether specifically because of stress and burnout.
A recent survey by Nominet of 800 CISOs in the U.S. and the U.K. seems to suggest that not only is stress high in the security world (at least amongst CISOs), it might be getting worse:
- The vast majority of CISOs (88%) remain moderately or tremendously stressed.
- Nearly half of CISOs, 48%, said work stress has had a detrimental impact on their mental health. That was almost twice the previous year.
- Nearly a third of CISOs, 31%, reported that their stress had impacted their physical health.
What If We Continue To Do Nothing?
It looks like we’re already there. Early responses to the project suggest that while security professionals have been complaining about the impact of stress and burnout for nearly a decade, employers and security industry associations have largely ignored the issue.
We’re already seeing the consequences:
- More security professionals than ever before are talking about quitting the industry altogether – at a critical time when there’s no one available to replace them.
- Security professionals are also increasingly talking about growing cynicism about the mission, and how that could impact their commitment to the cause and the fight.
- Stress and burnout are known to impact judgement, attention, focus, decision making, and clarity of thinking. Those effects combined with growing frustration, disillusionment, and “checking out” could increase the risk of threats making it past these critical defenders.
- As security professionals become more vocal about the stress of the job, it could have a chilling effect on a potential new generation of security professionals.
Employers who do recognize and support the mental wellness of their security teams could use that as a recruitment advantage in stealing talent from other employers.
“Cybersecurity professionals are first responders, locked into a constant arms race with attackers – where talent and skill are the most important weapons. Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already plagued by a skills shortage, this is a significant risk to businesses.” Chris Brauer, University of London.