DIGITAL WORKFORCECybersecurity Professionals May Be Burning Out at a Faster Rate Than Frontline Health Care

Published 1 November 2022

More attention should be paid to the fast rate of burn-out among cybersecurity professionals. Hundreds of thousands of cybersecurity jobs are vacant owing to lack of cybersecurity talent – and that number is growing, among other things, by thousands of cybersecurity professionals who leave the field after a few short years.

As October’s Mental Health Month and Cybersecurity Awareness Month both draw to a close, a new study from not-for-profit cyber mental health support initiative, Cybermindz is showing early evidence of burnout in cyber professionals, signaling a potential loss of skills to a critical part of the economy.

Cybermindz notes that stress and burnout are not unique to cyber, but points out that systemic weaknesses in our human cyber defenses would tend to impact society at mass levels, especially if essential services like water, energy, telecommunications, health, financial services, food distribution and transportation are affected.

As the nation digests the continuing fallout of the Optus, Medibank and MyDeal breaches and others which are coming to light, Cybermindz has warned that unless policy makers recognize the mental health impacts on Australia’s embattled cyber workforce, a deterioration in the mental health of core defenders may accelerate, creating a cascading effect of reduced effectiveness and increased risk. 

While the research is ongoing and will run until year’s end, Cybermindz founder and veteran internet industry leader, Peter Coroneos, explained the importance of signaling the emerging trend as he compared it to “the canary in the cybersecurity coal mine.” 

He observed: “Most of our critical systems now have cyber risk exposure — it’s not hard to see that a reduction in our national cyber capability due to psychological burnout may have population-wide downstream effects. The pandemic, floods and bushfires have shown us the systems we rely upon are not to be taken for granted. Cyber attacks are a daily occurrence and, unlike natural disasters, there is no conceivable endpoint in sight.”

Coroneos added: “Cybersecurity workers are the unsung heroes of our time. Their day-to-day work is invisible, but a single failure through a breach which can affect millions of people makes headlines. The rapidly evolving and relentless attack environment defies any sense of ‘job well done’. The one successful attack that could end their career could be around the corner. They are mission-driven with a strong protective ethos. But a sense of hopelessness will eventually take its toll on even the most committed worker. So it’s important we recognize their efforts and invest in their wellbeing. We must build a strong and resilient cyber workforce. If they fall, we all fall.” Director of Organizational and Behavioral Research, Dr. Andrew Reeves is leading the study.

Reeves stated: “Although these are preliminarily results, they point to a worrying trend. On the key burnout metric of ‘professional efficacy’ – or how well cyber workers think they are performing in their current roles – they scored significantly worse than the general population. We also compared their rates of burnout on this metric to another highly burnt-out industry: that of frontline healthcare workers, and found that the cyber professionals score considerably lower than even this group on this metric.”

Reeves added: “This is worrying as this metric is a predictor of intention to resign. As a result, I think we are seeing early indications of a cohort of professionals who are questioning their own effectiveness and concluding their efforts are in vain. When good people leave the industry, we lose so much knowledge and expertise. It then increases the pressure on those who remain behind. As a psychological driver of burnout, it’s something we should all be concerned about.”