Image Credit: hareluya/Shutterstock

Cybersecurity is a high-stakes game. With the average data breach costing $4.35 million, security analysts are under constant pressure to protect critical data assets, and are often left to take the blame if something goes wrong. Together, these factors provide the perfect recipe for a mental health crisis.

Today, application security provider Promon released the results of a survey of 311 cybersecurity professionals taken at this year’s Black Hat Europe expo earlier this month. Sixty-six percent of the respondents claim to have experienced burnout this year. The survey also found that 51% reported working more than four hours per week over their contracted hours.

Over 50% responded that workload was the biggest source of stress in their positions, followed by 19% who cited management issues, 12% pointing to difficult relationships with colleagues, and 11% suggesting it was due to inadequate access to the required tools. Just 7% attributed stress to being underpaid. 

Above all, the research highlights that cybersecurity analysts are expected to manage an unmanageable workload to keep up with threat actors, which forces them to work overtime and adversely effects their mental health.

The need to support mental health with a security-first mindset 

This research comes not only as the cyber skills gap continues to grow, but also as organizations continue to single out individuals and teams as responsible for breaches. Most (88%) security professionals report they believe a blame culture exists somewhat in the industry, with 38% in the U.S. seeing such a culture as “heavily prevalent.” 

With so many security professionals being held responsible for breaches, it’s no surprise that many resort to working overtime to try and keep their organizations safe — at great cost to their own mental health.

“Our research at this year’s Black Hat Europe sheds light on some of the major failings that we’re seeing within the cybersecurity industry as a whole,” said Jan Vidar Krey, VP of engineering at Promon. “It’s no secret that working in this industry is tough and, for many, it requires a lot of hard work and often overtime as well.”

Given that modern enterprise environments put extreme pressure on security teams, CISOs and other executive leaders need to be doing more to support the analysts on the front lines. 

“Knowing that these jobs often come with inherent stress, businesses need to do more to support their employees from the outset, and ensure that they know they have a place to turn if things start to become overwhelming,” Krey said. 

Not only do organizations need to offer cybersecurity professionals more support with work-life balance, they need to embrace a “security-first” mindset, with all tiers of the organization taking responsibility for its overall security — and not just place the burden on a handful of analysts.