The Cybersecurity industry is evolving rapidly with an increasing induction rate where the security market is predicted to reach $170.4 billion in 2022 (Sobers, 2021). According to The US Bureau of Labor Statistics’ Information Security Analyst’s Outlook, predicts cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%. As the industry is growing at such a rapidly rate, the shortage of cybersecurity professionals and top expert / leaders is putting the mental and physical health of cyber professionals is at stake.
Nearly 1 in 3 security team members experience tremendous stress . Over 1 in 4 of CISOs admit stress levels greatly affect ability to do job (Crest, 2020)
17% CISOs said that they had turned to medication or alcohol to help deal with that stress. 1 in 6 CISOs now use medicines or alcohol (Winder, Davey, 2019)
In a report published by Harvard Business Review (HBR) postulated that burnout has become common in the cyber security profession. The numerous reasons for burnout in cybersecurity lack of quality leadership, workload, team dynamics, problems with fairness, lack of rewards, perceived lack of control, mismatched values. Burn out coupled with shortage of qualified experts within the industry has further deteriorated mental health of the professionals. ESG/Information Systems Security Association (ISSA) study claimed that “70% of cybersecurity professionals are impacted by the cybersecurity skills shortage and 25% of respondents said that the skills shortage has resulted in a high “burn out” rate among their peers” (Kenny, 2018).
Security professionals in particular are “2x likely to report poor work-life balance (44 percent vs. 20 percent), 5x likely to worry about job security (32 percent vs. 6 percent), and 3x likely not to take full vacation days (89 percent vs. 28 percent)” (Platsis, 2021).
Leadership plays an important role
Most companies including the top security firms are aware that the burn-out rate is astonishingly high, yet no major changes in the psychological human resource’s function has changed. H.Rs primary function is still to onboard personnel and from an admin perspective bring on new talent and manage the existing. This basic approach to HR, is archaic, redundant and should be seen as highly dysfunctional in today’s highly evolved digital society. This is because majority of these leaders in the security firms are either ill-equipped to exert strategic influence, lack of knowledge, know-how to implement, lack of understanding of how technology has evolved or lack of right expertise on board. And most often, these leaders fear change, and find that they are caught in repetitive patterns in a so-called negative feedback loop.
They repel against change as they want to be in control all times and lack of ‘bigger picture’ scenarios. They often have a common traits of hiring “B” team players as they do not want to rock their rice bowl and so, their managers will hire ‘C’ team players and this circle just goes round and round without ironing out the root cause. They also have the habit of hiring their own clan of like-minded individuals who brings no challenge to their leadership and fail to promote gender diversity. Most of these leaders also lack self-resilience and fail to strike a balance of the 4 quotients – IQ, EQ, AQ and SQ
Internal democracy plays another factor in the delay of hiring and this goes back to whom you hired in the first place. So, can you see a broader picture now and, understand why burn-out is high and why some top security firms were being hacked? If this continues with no immediate remedy to rectify the situation, both the security firms and their clients will be seriously impaired.
The hiring process amongst top Cyber companies is the slowest in the history. Hiring rate for top experts has reached only 25% in comparison with 2 years ago
On the other spectrum, you will find leaders who are resilient, bold, and innovative (which comprises of a small minority), who dare to challenge change by surrounding themselves with experts and talents who are smart or perhaps smarter than them to accomplish ‘change for better’ to meet both financial and wellbeing health. These are the true leaders who advocate change and not simply just for advertisement.
A leader is crucial in building cybersecurity resilience as “leaders are able to achieve significantly higher levels of performance compared with the non-leaders” (Bissell et al., 2020). A report published by Accenture security concluded that leaders have a distinct advantage in their speed in detection, fixing breaches, and reducing impact in comparison to non-leaders. Leadership in all organizations has been well documented as critical in driving not only the internal process but driving people in a structured and focused manner.
Presenteeism can cost US$1,500 billion per year in the US, based on the BLS data
So how do we combat this?
Organizations and leaders should re-think and re-define their leadership role, gender diversity, business model and processes. “Change” mentality must be adopted at board level and top management. Shifting its gear from a linear thinking to a more bold and diversified equation. Complement your strength by surrounding yourself with the right industry experts from various disciples who have good track record of hands-on experience and promote gender diversity for a balance quotient. Women have the same IQ as men but have higher EQ, SQ and AQ than men. In this complex environment, for a company not only to succeed but the ability to thrive, it is very important to have a fair balance of the 4 quotients for an overall health and financial wellness.
A resilience lean-agile top down, bottom up, decentralized approach would pave ways in this fast pace cyber connected world. This will allow each division to achieve their aligned goals in a more efficient manner, thus saving companies billions of dollars. A well-defined employee life-balancing program should also be put in place and actualized in the work practice. Too often we have seen companies laying lip service to the work life balance, whilst their employees wonder where that balance really is. This empowers employees as well as teaches them to be resilient, eat healthy, take care of their health –mind, and body in a holistic fashion.
To cope with the pace and to avoid this presenteeism stigma, many organizations are hiring cyber-business psychologists to help their leaders with cope with ‘change’ mentality, assist them to re-define processes, talent hiring, implementing resilience-balancing framework to improve both health and financial bottom lines. As with all new trends there are leaders and followers, as has always been the case in business. Merely having world calls Cyber solutions do have nay correlation whatsoever win a world class HR and Human resources organisation. In fact, the correlation is in fact negative, where these organizations are so focused on solution delivery, they are decades behind the more agile, person transformative cultures. Indeed, with many organizations having technology Boards in place they lack the background and experience to drive a truly diverse and inclusive culture and mindset. The times have changed and so must organizations, or ultimately they will be left in the footnotes of the historical quagmire of failed organizations.
- Cybersecurity careers can lead to personal issues. The pace and stress of a cybersecurity job can lead to personal consequences—29% of respondents say that they’ve either experienced significant personal issues as a result of cybersecurity job stress or they know someone else who has.
- Sixty percent of respondents claim that a cybersecurity job can be taxing on the balance between one’s professional and personal life. This and the unhealthy levels of stress of a cybersecurity job (36%) may be a leading cause of the significant personal issues described above.
(Enterprise Strategy Group, 2020)
Keen to understand more, reach out to Dr Christina Liang-Boguszewicz for a discussion.
“The author likes to thank Marek Boguszewicz, Mahnoor Z. and Studi M. for their contributions”