The vast majority of cyber security professionals (91%) reported experiencing mental health challenges over the past two years, with only 11% reported they hadn't experienced burn out due to their job.

Sekuro has released its Mental health in the Australian cyber security industry whitepaper, which found half of respondents (51%) attributed their mental health struggles at work to poor culture and/or management styles, with 50% citing the high-stress nature of a job in cyber security.

The survey asked 101 cyber security professionals across all levels of seniority in their network about their experience with mental health and burnout in the workplace.

Of those that experienced mental health challenges, a staggering 37% quit their jobs in response to mental health issues, with 9% changing career paths altogether. 

According to a workforce study by (ISC), as of 2021, there were 134,690 cyber security workers in Australia. If this trend is reflected industry-wide, that means over 12,000 cyber security professionals could have left the industry over the past two years.

Cyberattacks aren't the biggest worry amongst cyber security professionals. Of the 91 cybersecurity professionals that responded to the question, unrealistic expectations from the board/executive leadership is keeping close to half (44%) of them up at night. Ransomware and malware attacks along with data breaches were an equal second at 35%.

The cyber talent gap still remains an issue with over a quarter saying growing the team is their biggest concern (26%).

Only slightly more than one-fifth (22%) said a pay rise or promotion would help their mental health.

The survey found mental health challenges in the workplace span across all seniority levels. Only 14% of executive leaders said they hadn't experienced burnout in the past two years. The highest rates of burnout were among team leads and individual contributors, with only 5% respectively claiming they had not experienced burnout due to their job.

"The results are saddening, yet unsurprising," says Noel Allnutt, Managing Director of Sekuro. 

"Cyber security professionals were faced with unique responsibilities when it came to managing the technological fallouts of pandemics, wars, and accelerated digitisation. This has put increasing pressure on leadership to do whatever it takes to prevent attacks." 

Addressing mental health challenges

The top request from employees to improve mental health in their workplace was more resourcing and tools to relieve pressure on staff (51%), followed by replacing management personnel who contribute to poor mental health outcomes (34%).

The top three ways cyber security professionals prevent or recover from poor mental health are by getting outside (66%), staying active (65%) and spending time with family and friends (61%). Interestingly, only 48% said they set clear boundaries at work to address mental health concerns.

"The survey results clearly show how important a cyber-aware board and leadership team can be in reducing stress amongst their teams, and the need for managers to be better trained in how to address mental health in the workplace," says Allnutt.

"If we don't stand up and take action to improve mental health in our industry we face losing more talent and worsening outcomes for everyone."