cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Op-Ed: Avoiding burnout in cyber by strengthening diversity and HR processes

Stress and hypervigilance come with the job when you’re an effective cyber security professional, as there is an ever-present pressure to detect and prevent highly damaging attacks.

user iconCarly Stoneman
Wed, 22 Mar 2023
Op-Ed: Avoiding burnout in cyber by strengthening diversity and HR processes
expand image

But being in a state of constant vigilance has physical and mental consequences over the long term, and the mental health toll means we’re seeing an exodus of experienced cyber professionals from the industry just as we need them the most.

Is there enough diverse talent in the industry?

Actively addressing the mental health needs of cyber employees has become a must-have, not an option. One of the ways to alleviate the pressure on existing cyber teams is for human resources to start diversifying the workforce to ensure as many qualified and cyber-ready individuals of all backgrounds feel welcome in these crucial roles.


Recent research shows that women make up a mere 16 per cent of the cyber security workforce. Further research has found that nearly 50 per cent of women are looking for more flexibility, and 45 per cent want more mental health resources. To improve diversity in cyber security, organisations need to not only hire more women but also offer them the support they need to thrive.

Placing mental health front and centre of HR programs can improve an organisation’s ability to attract and retain workers and can help to stem the brain drain in cyber roles.

Shouldering responsibility with limited oversight is wearing thin

Cyber security is a notoriously demanding profession, one involving constant pressure, often attracting direct blame if something goes wrong and real-world consequences if a mistake is made.

Individuals in these roles often feel very personally responsible in the event of a significant data breach. Mimecast’s State of Ransomware Readiness 2022 report indicated that 61 per cent of cyber security decision-makers in Australia feel this way, which can lead to increased pressure outside of the workspace.

There is a slight downward trend regarding this sense of responsibility, with this figure dropping from 72 per cent in the previous year. However, we also saw pressure in these roles increasing over the last year, with a series of high-profile data breaches and government action in the space. The breaches of Optus and Medibank made cyber security a dinner table topic of conversation and demonstrated just how damaging a cyber attack can be.

Government policies have also placed more responsibility on private sector companies to improve their cyber security mitigation strategies.

This is taking a toll, with 56 per cent of cyber security decision-makers saying that their current role is getting more stressful every year.

How to alleviate cyber stress

There are many levers that Australian companies can pull to help to mitigate the stress on cyber security professionals, particularly around providing a flexible workplace, mental health initiatives and improved company-wide training.

To help reduce stress among cyber professionals and encourage a more diverse range of people to enter the industry, Australian companies should provide as flexible a working environment as possible, along with the support necessary to ensure workers can reach an optimal work/life balance.

Actively introducing programs such as mindfulness and meditation as a regular occurrence in the workplace helps to reduce stress and challenges with hypervigilance that come with a cyber security role. An outstanding example of an organisation tackling stress head-on is Cybermindz, which was conceived to provide resources and support to anyone feeling overwhelmed in the cyber community.

A physical reboot

Mimecast is a proud founding partner of Cybermindz, which has pioneered the iRest protocol. This was developed by a clinical psychologist and involves a 10-step sequence to help cyber professionals address hypervigilance and hyperactivation.

Cyber staff who have been through Cybermindz sessions to help them de-stress report significant improvements in their daily mental resilience.

One example is the Allianz APAC cyber team, who, in a series of video testimonials, described feeling like they need to be constantly working and monitoring all potential threats, which leads to being in a fight or flight mode and huge amounts of stress.

The Cybermindz sessions help the team members to look after themselves and go through a “physical reboot” to help prioritise certain tasks and switch off from work when it’s needed.

“Initially, I came in and was very stressed — I felt like I needed to go back to work,” one of the Allianz team said. “But then I felt very relaxed, and the thoughts did go away. Walking out, I felt relieved and like I know how to manage my stress a bit now.”

Managing stress can alleviate the ‘human factor’ in breaches

A huge number of data breaches and cyber security incidents are the result of human error, and a company is only as safe as its least cyber-aware employee. Conducting training across the business and analysis into the main risk areas will help to ease the burden on cyber professionals.

Australian businesses should train their entire staff to become more cyber-aware, which then spreads the message that cyber security is everyone’s responsibility, rather than having it all bear down on those in cyber-specific roles. Ensuring all employees understand their responsibility to remain vigilant can help to lessen the stress on cyber security staff and reduce the risk of them burning out.

It’s impossible to entirely remove stress from a cyber security job, but these initiatives can help companies get on the front foot and help to mitigate the risk of burnout and mental ill-health among cyber security professionals.

Carly Stoneman is the human resources director (APAC) at Mimecast.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.