The Intersection of Cybersecurity Awareness Month and World Mental Health Day

October is Cybersecurity Awareness Month, and today, October 10, is World Mental Health Day.

In 2022, the World Health Organization (WHO) estimated that depression and anxiety led to a loss of 12 billion working days each year, costing $1 trillion per year in lost productivity. The good news is that, in the three-and-a-half years since the start of the COVID-19 pandemic, conversations about mental health have become more common and less stigmatized, including in the workplace. Within the Sikich Technology practice and its Cybersecurity team, we’ve seen employees becoming more aware of and open about their wellbeing. Fortunately, employers are also starting to place more importance on mental health by providing enhanced communication and support, and additional resources are being made available to help companies in those efforts.

Concerning Statistics

Working in the technology field can be stressful in the best of times. As Naveen Bhateja, Chief People Officer of Medidata Solutions, stated, “The tech industry adds another layer of complexity when taking into consideration the mental health discussion. The tech industry fosters a ‘crunch’ culture where demanding work must be completed in a short amount of time. The industry is known for high stress: late nights, abnormal hours, and tight deadlines, all while being constantly available at any time of day.”

While mental health data specific to the technology and cybersecurity space can be hard to come by, a Nominet survey focused on the stress levels of Chief Information Security Officers (CISOs) showed that 88% of surveyed CISOs reported being under moderate or high levels of stress.

It’s worth mentioning that the Nominet survey was conducted in 2019, before the COVID-19 pandemic. When the pandemic hit, the entire globe experienced higher stress levels, which led to significant declines in mental health. A scientific brief released by WHO in early 2022 showed that pandemic-related stressors led to a 25% increase in the prevalence of anxiety and depression throughout the world. Pew Research Center analysis showed that, by September of 2022, 41% of U.S. adults had experienced at least one instance of high-level psychological distress since the start of the pandemic. Most troubling, analysis from the Kaiser Family Foundation showed that suicide deaths increased sharply after the onset of the pandemic, with the number of suicide deaths in 2022 being the highest recorded up to that point.

Beyond the “normal” pandemic stressors that everyone was dealing with, those working in the technology field, including those responsible for managing cybersecurity or information technology solutions, were also facing widespread supply chain issues and talent shortages, as well as ransomware incidents and related costs that reached record highs.

A “State of Mental Health in Cybersecurity” survey conducted by Tines in 2022 showed that 26.8% of respondents reported that their mental health had gotten worse over the past year, and more than 50% of respondents had been prescribed medication for mental health purposes.

Fresh data on CISOs from a 2023 Cynet survey showed that the percentage of CISOs who said they were stressed at work rose to 94%. What’s more, 65% of respondents said stress negatively impacted their ability to do their jobs, and 74% had employees quit in the past year due to job-related stress.

These alarming statistics illustrate how significantly increases in stress levels can negatively impact mental health. That is important to understand if the expectation is to find solutions to the mental health issues with which so many people are dealing.

Encouraging Developments

Employees are becoming increasingly open to discussing their mental health at work. According to a 2021 survey conducted by Mind Share Partners, nearly two-thirds of those surveyed said that they had spoken with a coworker about their mental health over the previous year. This openness has resulted in organizational leadership not only hearing their employees’ mental health concerns, but also acknowledging and discussing them as well, including Sikich’s CEO, Chris Geier.

Identifying, acknowledging, and discussing mental health concerns is actually one of the most important ways an organization can provide employees with the support they need to be successful. While the Mind Share Partners survey showed that the availability of mental health resources provided by companies grew following the pandemic, including in the form of extra paid time off, mental health days, and mental health training, a Harvard Business Review (HBR) article discussing the results of the survey stated that the most desired resource from respondents was “a more open culture around mental health.”

It’s clear that employers will want to prioritize mental health moving forward. In addition to improving the experiences of their employees, it’s good for their bottom lines. “Addressing employee mental health is cost-effective for the employer and beneficial for the employee,” says Philip G. Levendusky, PhD, ABPP and Chief of Psychology Emeritus at McLean Hospital. “When employees receive effective treatment for mental illness, the result is lower total medical costs, increased productivity, lower absenteeism, and decreased disability costs.”

While companies have expanded the mental health benefits they offer to include access to services such as Ginger or ComPsych, which Sikich makes available to its employees, the real focus moving forward is to create a cultural change around mental health in the workplace. Per the previously mentioned HBR article, fear and shame can prevent even those companies with the best mental health benefits from seeing an increase in the usage of those benefits unless there is a stigma-free culture in place. Fortunately, the National Alliance on Mental Illness (NAMI) has started a campaign to encourage companies to pledge to be “StigmaFree.” Upon signing up, a company receives a kit providing resources, assets and information that they can use “to promote mental health awareness in the workplace and to encourage acceptance and understanding.”

Truly creating cultural change around the subject of mental health will require effort from all levels of an organization. Fortunately, groups like NAMI are making available an increasing number of educational resources that organizations and management teams can use to enhance their progress in this area. Hopefully, the future will see fewer instances of those standing in the way of a cybersecurity compromise having to compromise their mental health to do their jobs.

If you or someone you know needs crisis support, please reach out to the 988 Suicide &Crisis Lifeline by calling or texting the number “988.”