Increasing workloads are causing depression and anxiety among frontline security staff, report claims

How the infosec skills gap is causing a mental health crisis

Mounting pressure on information security professionals is creating a mental health crisis across the industry, a new report claims.

The survey from Vectra AI, released today (April 7), found that more than half of respondents (51%) have suffered depression, anger, or anxiety due to feeling overwhelmed by work.

A further 56% have had sleepless nights worrying about work and 42% have called in sick because they couldn’t face work.

The report polled 200 respondents working in roles across the infosec industry.

Growing problem

According to Vectra AI, all security leaders (94% of respondents) felt increased pressure to keep their company safe from cyber-attacks in the past year.

The study reads: “Furthermore, one in three have suffered a major security incident over the past 12 months – often resulting in finger-pointing, long hours, and damage to team morale, with one in five saying the incident caused their mental health to decline severely.

“The data suggests that this is part of a broader problem, with several security pros becoming overwhelmed and at risk of more severe mental and physical health issues.”


YOU MAY LIKE Generation cyber: How diversity and ageism can impact the IT workforce


“It is evident that skills shortages are taking their toll,” the report reads, pointing to the cyber skills gap as a major factor in why the respondents are overworked.

Two-thirds (67%) of those surveyed say they don’t have enough talent on their team, with almost one in five (17%) saying it feels like each person is doing the workload of three.

“The results also show an environment where security leaders are working more hours than ever but still cannot cover their workload, living in constant fire-fighting mode,” the report states.

Ever-changing IT environments and evolving threats bring added complexity to the role, with respondents citing rising concerns about ransomware or cyber-attacks within their supply chain that could hurt their organization and some claiming that the issue has given them sleepless nights.

Wake-up call

Steve Cottrell, EMEA CTO at Vectra AI commented: “These stats should be a wake-up call. Security teams and their leaders need support to shift away from the constant cycle of over-working and anxiety.

Read more of the latest infosec industry news

“Security leaders shouldn’t always be the ones to feel the blame when something goes wrong. In most cases, CISOs will have requested budget, assets, and changes that weren’t signed off – so they must be ready to remind the board that security is a shared responsibility. After all, we are all on the same team.

“With an improved focus on workforce wellbeing, increased investment, better training, and the right tooling, we can start turning the tide.”


DON’T MISS Respect in Security: Anti-harassment infosec industry group gains momentum with code of conduct campaign