Cyber Attacks Burn Out Security Experts

A new survey from CyberArk has revealed that increased workloads caused by a surge in cyber threats and attacks has led to 59 per cent of UK senior cyber security professionals facing burnout. 

Cyber Crime Levels High 

The results of the survey highlight the growing workload pressure on cyber security professionals because in just the past 12 months alone, a staggering 80 per cent of UK organisations have experienced a ransomware attack, a 10 per cent increase on last year. Also, almost half of those affected (47 per cent) have opted to pay the ransom (at least twice) to enable recovery. 

Workload And Other Challenges 

In order to protect businesses from growing threat levels, cyber security teams have, therefore, been required to work long hours whilst facing the challenges caused by the limited budgets and resources that are the result of economic pressures, as well as the challenges of a skills gap and global shortage of cybersecurity professionals. For example, a recent ISC2 report shows that there was a 3.4 million global shortage of cyber security professionals last year, compared with a total cyber workforce of 4.7 million. 

Other Supporting Research 

Other research that supports the plight of under-pressure cyber security workers includes a Chartered Institute of Information Security (CIISec) survey that found almost a quarter of security practitioners work more than 48 hours per week, and Gartner research (2023) highlighting how high levels of stress could see nearly half of security leaders switching careers by 2025. 

Taking A Break Or Leaving The Profession 

Consequently, even though cyber security professionals need to be performing at their absolute best, instead they are experiencing burnout (according to the CyberArk survey), and are choosing to either take a break from work to concentrate on their wellbeing or leaving the professions, thereby adding to the lack of security professionals in businesses, increasing the vulnerability of those businesses to cyber-attacks. 

More Than Two-Thirds Of Senior Decision Makers Affected 

CyberArk’s survey shows, for example, that 66 per cent of C-level executives (senior cyber defence decision makers in businesses) feel that they are experiencing burnout, which raises concerns about their ability to deal with the increasing and evolving threats effectively. 

For example, as David Higgins, senior director, of the field technology office at CyberArk puts it: “Burnout is alarming in that context, because it impairs the ability to defend their organisation. One wrong decision or missed signal can open the door to reputational and monetary damage for an organisation.” 

What Does This Mean For Your Business? 

The findings from CyberArk paint a stark picture for UK businesses, showing the front-line against cybercrime is wearing thin. The apparent burnout epidemic among cybersecurity professionals is not only a health crisis but a strategic business vulnerability. When these specialists are overworked and stressed, their capacity to guard against cyber threats is compromised, and as a result, the risk to business operations, sensitive data, and company finances escalates. 

UK companies should, therefore, take immediate steps to prioritise the well-being of their security teams. This means cultivating an environment where work-life balance is possible and supported by management. It also includes re-evaluating workloads to ensure they are sustainable and providing access to mental health resources. These measures may help in maintaining a vigilant and capable cybersecurity workforce. 

Equally critical is addressing the shortage of cybersecurity professionals through targeted talent development and diversified recruitment strategies. Training programs and professional development opportunities can be powerful incentives for both recruitment and retention, and recruits that can grow with the company. 

C-level executives (cyber security decision-makers) experiencing burnout themselves need to set the right tone for the organisation’s work culture, for example by openly acknowledging the issue and advocating for sufficient resources. This could (in some measure) help bring the change that reinforces the company’s defence against cyber threats. 

Preventing cybersecurity burnout, therefore, is more than a human resources issue and is an essential investment in a business’s operational security. As cyber threats increase, it is clear that protecting the protectors through a compassionate and comprehensive approach to workforce management is not just beneficial but necessary for sustaining business integrity in the digital age.