First check that it’s not empty, then typecast to a string value as a security precaution, because it’s always possible for this to be submitted as an array; e.g., by an attacker. Then unslash, sanitize, and continue by checking length and anything else that you’d like to validate.
if ( ! empty( $_POST['contact_msg'] ) ){
$contact_message = (string) $_POST['contact_msg'];
$contact_message = wp_unslash( $contact_message );
$contact_message = sanitize_textarea_field( $contact_message );
}
Tip: Also be sure to verify the request using an Nonce.
Here’s a more terse variation of the above.
if ( ! empty( $_POST['contact_msg'] ) ){
$contact_message = sanitize_textarea_field( wp_unslash( (string) $_POST['contact_msg'] ) );
}