SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
Cyber security budget cuts linked to mental health issues, survey reveals
Wed, 20th Dec 2023

Nearly two-thirds of IT decision-makers report that reduced budgets have adversely affected mental health within their field, according to a new survey conducted by Integrity360, a top pan-European cyber security specialist. The findings present a concerning look at the repercussions of economic constraints on mental health across the cybersecurity industry.

The research, based on responses collected from 205 IT security decision-makers, reveals that 60% of participants believe that budget curbs have negatively affected their mental health. Additionally, over half (55%) lament that the current economic conditions have decreased the availability of mental health and well-being resources within their organisations.

The leading sources of stress enumerated by those surveyed include safeguarding sensitive data (48%), managing risk and compliance (28%), defending identities (26%), contending with ransomware (25%), and securing cloud environments (23%). Lesser but still significant contributors to stress are secure IoT and OT environments (20%), expanded attack surfaces (19%), and security consolidation (18%).

CIOs exhibit a particular concern over security consolidation, reflecting their direct involvement. The drive to consolidate security tools for more robust network control and visibility results in 30% of CIOs reporting higher stress levels, compared to 18% of CTOs and 14% of information security analysts.

Though ransomware was marked as a lesser concern than protecting sensitive data, its resurgence has significantly impacted IT decision-maker's mental health and well-being, with 57% of respondents mentioning it as a stress factor.

Brian Martin, Head of Product Development, Innovation and Strategy at Integrity360, commented on the changing landscape of ransomware attacks: "Ransomware operators using extortion as opposed to ransoming data means they no longer need to encrypt the data they steal."

"Businesses need to be prepared that these tactics will continue to evolve and have the necessary teams and processes in place. A dedicated IR team will relieve the pressure and strains placed on businesses trying to keep pace with attackers," Martin said.

The survey further unearthed that 63% believe their work in the cyber security industry has elevated their stress and anxiety levels. On a brighter note, nearly 70% feel their employers provide sufficient support for their mental health and well-being. Nevertheless, most responders (75%) wish to see enhanced investment in mental healthcare resources.

According to Martin, "Cyber security budgets have always been challenging and this year has certainly tested many businesses. A myriad of issues from the budget, economic downturn and skills shortage have all impacted the workload placed on those tasked with tackling cyber threats and compliance, and it's no surprise this is having a detrimental effect on mental well-being."

"Businesses need to find solutions to support their employees and ensure that the systems they are working so hard to secure are up to the task. Enlisting third party help or outsourcing to an MSSP could be a good place to start."

This research was conducted by Censuswide between 9th-14th August 2023, targeting IT security decision-makers aged 18 and above. The group strictly follows the MRS code of conduct, based on the ESOMAR principles, in carrying out its studies.