Preliminary findings of a study by not-for-profit cyber mental health support service Cybermindz show the once behind-the-scenes, desk role has morphed into a 24/7 frontline pressure-packed position, where any software attack is considered their personal responsibility.

Cybermindz founder Peter Coroneos said frontline workers were spooked by recent Optus and Medibank hacks and were living in fear of a similar “attack that could end their career”.

“Their day-to-day work is invisible, but a single failure through a breach which can affect millions of people makes headlines,” he said.

“The one successful attack that could end their career could be around the corner. They are mission-driven with a strong protective ethos.

“But a sense of hopelessness will eventually take its toll on even the most committed worker … if they fall, we all fall.”

Dr Andrew Reeves, who is leading a study, said he was seeing workers struggling with mental health issues, “questioning their own effectiveness and concluding their efforts are in vain”.

He said the cybersecurity burnout rates were already higher than the general public and at levels which “at times exceed that of frontline healthcare workers”.

“Internally, they have competing pressures to allow their business to put products out … while also being pressured to ensure all systems are secure and robust,” Dr Reeves said.

“Externally, they’re aware that they may come under public fire if anything is missed. This can easily become a very high-stress work environment.”

Kevin Shaw, who spent more than 25 years protecting Australian businesses from cyber attacks, succumbed to burnout.

“Running on very lean budgets, lacking resources, and swimming against cultural attitudes also contributed to burnout,” Mr Shaw, 60, said.

“Some may feel that these events were preventable if only the messages from the cyber teams had been heard and changes made and this in of itself could cause intense frustration and stress.”

Ned Farhat spent half of his 30-year working career in cyber and forensics and said the pressure to “get it right”, coupled with time and budget constraints, made it “impossible to cover everything”.

“In forensics, you never know what you might encounter, executing a warrant you walk in blind,” he said.

“You have sometimes only a few hours while an army of lawyers hover over your shoulder waiting for you to slip up.

“In the meantime the defendant is being difficult, questions are being thrown at you and you have just encountered a piece of technology you aren’t prepared for and decisions need to be made.”

Mr Farhat, from Sydney, said while clients have become increasingly worried in light of recent hacks, they’re still looking for “quick and dirty” solutions.

“The mindset shift of cybersecurity being an expense to be minimised as opposed to a strategic investment will happen eventually,” he said.

“But unfortunately it’s always after an incident when the cheque book comes out.”

More Coverage

Crime watchdog puts Sportsbet, Bet365 on notice

Stephen Drill

US green lights $10bn defence sale to Australia

AFP

Originally published as Threat within: Cyber attacks are leaving workers burnt out, stressed and with PTSD