Stress and resilience: A timeline of mental health in cybersecurity

Welcome to the new 35 cyber warriors who joined us last week. Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders.

Keep up with our weekly newsletters on LinkedIn — subscribe here. 

Get weekly insights, inspiration, and exclusive interviews from the global Black Hat MEA community – here in your inbox. 

This week we’re focused on…

How the relationship between mental health and cybersecurity has changed over time. 

Why? 

On the blog this week we wrote about the current state of mental health among cybersecurity practitioners.

Here, we’re looking at the timeline of stress and resilience over the last decade – to see why we need to enter into a new era of understanding.

The calm before the storm (pre-2015)

Threats were serious, but they weren’t constant. There was space to plan for the future, to take a breath. 

With hindsight, we can see that this time period was characterised by: 

• Lower attack frequency
• Smaller, more manageable security teams
• Work-life boundaries still (sort of) intact

Don’t get us wrong; things weren’t easy. But compared to the present day the security landscape was simpler and it moved slower; so practitioners didn’t have to be on every hour of every day.

The rise of threat complexity (2015-2020)

“What was secure yesterday could be a vulnerability tomorrow.” – Dr. Leila Taghizadeh (CISO, IberoLatAm and Global Head of Cyber Risk at Allianz)

The pace began to pick up. Threats were changing, and changing faster than ever before. 

So security during this time becomes a non-stop job: 

• Threats evolve rapidly: ransomware, APTs, nation-state actors
• Security teams start playing defense 24/7
• Mental fatigue begins to set in
• Growing need for always-on vigilance

The great burnout wave (2020-2023) 

“Cybersecurity is a role that never really allows you to switch off.” – Dr. Leila Taghizadeh

• COVID-19 → accelerated digital transformation
• Surge in remote attacks and phishing
• Understaffing and extended hours
• Reports of burnout skyrocket
• ISC² 2023 study: 50%+ of professionals report symptoms of burnout

Importantly, GenAI hit the world in a big way during this time period – a major driving force behind that surge in phishing and remote attacks. Threat actors have been able to develop new attack vectors and reach targets at a high volume, and for a low cost. 

Turning point: The awareness era (2023-2024) 

“Disengagement leads to exposure, and exposure leads to risk.” – Dr. Leila Taghizadeh

• Mental health becomes a visible risk factor
• More CISOs speak openly about stress
• Leadership starts prioritizing wellness and automation
• Zen and mindfulness practices rise in popularity

Over the last few years, we all started to pay more attention to mental health in cybersecurity. Leading minds in the industry started not just to care about it, but to talk openly about it – both because cybersecurity practitioners are human beings who deserve to feel good, and because stress and burnout were becoming security vulnerabilities in their own right. 

“To me, Zen is about mastering oneself… and leading with compassion.” – Lance James (Founder and CEO at Unit 221B)

Resilience by design (2025 and beyond) 

“Focus on the why behind your work…Integrate work and life – it’s all one journey.” – Abeer Khedr (CISO at National Bank of Egypt)

Now is the time to implement real change. Increasingly, we’re seeing:  

• Mental health integrated into security strategy
• AI and automation reduce repetitive stress
• Flexibility, gratitude, and purpose become cultural values
• Work-life integration replaces strict separation
• Preventative care for defenders becomes as critical as patching systems

And cybersecurity leaders across the world will continue to embrace tools and processes that support the wellbeing of practitioners over the coming years. 

We can’t have cyber resilience if we don’t protect human resilience. 

What’s your perspective? 

Cybersecurity isn’t just about protecting networks. It’s about protecting people. 

So we want to know what you think: How can we enable a healthier working culture across the field of cybersecurity going forward?

Join us at Black Hat MEA 2025 to grow your network, expand your knowledge, and build your business.