Mental Health and Cybersecurity

Frankie Wallace

Strong cybersecurity is vital, and the cybersecurity industry is evolving at a rapid pace. Still, even as more and more companies embrace cybersecurity professionals, a key aspect of this field remains overlooked: mental health.

You might ask yourself what cybersecurity has to do with mental health. While acts like cyberbullying can obviously lead to negative mental health outcomes, the connection goes beyond that. In fact, the two are related in more ways than you might think. Mental health can have a critical impact on industry professionals and even affect cybersecurity practices.

Today, depression, burnout, and even suicide are becoming more common among cybersecurity professionals. However, that is not to say that workplace stress is unique to this industry. In contrast many other employees in various fields of work face intense pressure on a daily basis. In fact, depression is a leading cause of disability in the world, following heart disease. But cybersecurity professionals seem to be especially susceptible to stress.

Stress in the Cyber Work Space

Why? First off, IT systems are constantly being attacked, so there’s no real “done for the day” when it comes to cybersecurity work.  To quote Andrea Limbago, an executive at cybersecurity firm Endgame from an article on Technology Review, “There’s never a downtime. It’s non-stop and every day is a battle.”

Also, cyber-criminals innovate new methods of penetrating systems at an amazingly fast rate. “The challenges to keep up are insane,” says Jack Daniel, the co-founder of BSides, a cybersecurity conference that has highlighted mental health issues in the industry.

Staff Shortage

Secondly, there is a major labor shortage when it comes to the cyber work space. Moreover, those engaged in it face immense pressure and strict deadlines in trying to cover the duties of many unfilled cybersecurity positions. As reported in the Technology Review article linked above, a survey by the Enterprise Strategy Group and the Information Systems Security Association of 343 cybersecurity executives found that “almost 40 percent of them said that the skills shortage was causing high rates of burnout and staff turnover.”

The global staffing shortage in information security means that many departments are operating with half the staff needed. Indeed, this increases stress exponentially. The stakes to protect information online are extremely high, and so it stands to reason that levels of stress are escalated too.

Mental Health Background

Finally, as a field, cybersecurity tends to attract people from varied backgrounds. According to an article on Countable:

Anecdotal evidence suggests high prevalence of mental illness in the information security community, perhaps heightened by the hacker subculture attracting people from a variety of backgrounds, some of which may involve pre-existing mental health conditions.

Furthermore, cybersecurity attracts many ex-military members, who’ve had their own experiences with PTSD. These factors, among others, explicitly contribute to the increasing rate of mental health issues in the cyber workspace. Indeed, dealing with mental health issues was a recurring theme at the Black Hat USA conference for cybersecurity professionals in Las Vegas.

Accompanying Health issues

Stress from work is often the cause of health issues. In fact, can greatly exacerbate existing medical conditions and lead to chronic disorders. For instance, stress can increase the frequency of varicose veins, as stress majorly weakens blood circulation. Heightened stress can rapidly increase blood pressure, which strains the walls of your veins. After a time of prolonged stress, such as that experienced by cybersecurity professionals, the problem can grow severe.

This is but one of the many side effects of work-related stress that cybersecurity professionals are vulnerable to. Heightened stress can also lead to severe mental health issues, which can have dire consequences.

Suicide Risk

In fact, mentally ill people are one of the groups most at risk for suicide. As stated by Jeffrey W. Swanson, Ph.D., “the connection between those struggling with mental illness and mood disorders and suicide is strong enough to characterize as ‘intertwined.’” These findings are extremely relevant to the cybersecurity field, where mental health issues are increasingly common.

In the Countable article, Jay Radcliffe of Boston Scientific, known for hacking devices, states, “In the past year I know several people in the [cybersecurity] community have taken their own lives.” Radcliffe himself struggled with depression and decided to open up about his struggle with mental illness at Black Hat USA. This decision came from a realization that many in the cybersecurity field faced similar issues that are often disregarded. “It’s a sad thing, and something I feel responsible to talk about,” says Radcliffe.

Affect on the Cybersecurity Community

Unaddressed mental health issues can also have serious ramifications when it comes to the actual practice of cybersecurity. In an article published on InfoSecurity, Patrick Putman writes that cybersecurity professionals and criminal hackers only differ due to their state of mind. Both cyber professionals and hackers have the ability to manipulate their target — what separates the good guys from the bad is their mental health.

As stated by Putman, “What separates the good from the bad more than anything is empathy. It prevents professional hackers and social engineers from crossing the line.” According to the author, stress, depression, and anxiety can all lead to erratic urges. These urges can manifest in various forms and are often used to justify extreme behavior like stealing data or destroying systems. Subsequently, cybersecurity measures can be heavily compromised.

There is plenty of evidence pointing to the rising instances of mental illness among cybersecurity professionals. Overlooking these facts is not an option, and doing so can lead to grave outcomes. While staying ahead of cybercrime is integral, it is only possible to do so in a stable and healthy work environment. The first step is to acknowledge the prevalence of mental health issues in cybersecurity. Only then can we spread awareness to help improve the situation.

Tags: , , , ,