Editor’s Question: How do you prevent employees experiencing burnout at your company?

Employee burnout is a very real problem for companies. A stressful workplace with difficult processes can lead not only to dissatisfied employees but to the more serious issue of burnout, where employees need to step back from work and sometimes even quit. This month, four experts explore the issue of employee burnout within the cybersecurity industry, starting below with Kennet Harpsøe, Lead Security Researcher at Logpoint:

With businesses inundated with evolving cyberthreats, organisations are racing to protect their assets and the pressure on Security Operations Centre (SOC) teams has reached unprecedented levels.

While a certain amount of pressure can drive performance, the reality is that many security analysts are overwhelmed. With SOC teams facing an average of 4,484 alerts daily, the burden of manually triaging these alerts can consume up to three hours each day. This unsustainable workload not only leads to alert fatigue but also increases the risk of critical incidents slipping through the cracks. The fear of missing incidents, or FOMI, has become a prevalent concern. According to an October 2023 survey from Tines, 71% of SOC analysts reported feelings of burnout and 60% noted an increase in their workloads over the past year.

To combat this alarming trend, organisations must prioritise the wellbeing of their cybersecurity teams. One of the most effective strategies is to invest in automation technologies that can alleviate the manual workload faced by analysts. By automating routine tasks such as reporting and monitoring, we can significantly reduce the time spent on these less favourable aspects of the job. In fact, the aforementioned survey found that 65% of analysts believe that half of their security tasks could be automated, which would not only enhance job satisfaction but also allow them to focus on higher-value operations.

Additionally, implementing advanced automated solutions can ensure that every alert is investigated, addressing the gaps highlighted by industry research. It can also reduce the number of false positives and help ease the burden on security analysts in that respect. These solutions should incorporate threat intelligence and business context, transforming weak signals into meaningful investigations. By enhancing the efficiency of threat detection and case management, we can empower our analysts to respond more effectively to potential threats, ultimately reducing the stress associated with their roles.

Equally, fostering a supportive work environment is essential. This includes redistributing responsibilities to prevent any one individual from becoming overwhelmed and encouraging open communication about workload challenges. Regular check-ins and mental health resources can also play a vital role in supporting our teams.

Preventing burnout among cybersecurity professionals requires a multifaceted approach. By investing in automation, redistributing workloads, and fostering a supportive culture, we can create an environment where teams can thrive whilst ultimately safeguarding the organisation and its digital assets.

Jim Doggett, CISO, Semperis:

The cybersecurity job has always been one for the firefighters – it is nonstop. Its nature is also one of peaks and valleys: when a problem such as an attack or breach occurs, all hands are on deck until the problem is solved. However, there are steps we can take to make the security environment less stressful, more productive and more flexible, resulting in less burnout.

Firstly, it’s important to set clear expectations up front. In hiring, we often try to sell the perfect environment: exciting work, standard work schedules, low stress. Although these are things we all strive for, they are rarely the reality. The security professional’s career will always have times of heavy workload and stress. It doesn’t make sense to promise one thing and then deliver another.

Organisations should automate as much of their day-to-day operations as possible. Most security professionals spend too much time doing busy work: putting together reports, gathering data, preparing presentations. Not only is this unproductive, it’s boring work that can lead to dissatisfaction. This issue can be addressed only through automation. We have adopted the philosophy of implementing no new tools or processes unless they can be automated end-to-end, so we can utilise our scarce resources doing security and not administrative work.

Another important step is to bring risk management discipline into the core of the security strategy. Not only is eliminating all cybersecurity risks impossible, it isn’t cost-effective either. This leads to continuous begging for a bigger budget. Instead, we should prioritise our risks based on impact to the business, allocate budget to the highest risks, and draw a line when the money is used up. Let the board or senior management decide if too much risk remains and warrants more budget.

There also needs to be a bigger focus on the relationship between security, IT and business units. Often, the connections between these departments are not great, forcing security professionals to take on tasks and roles that should really belong to others. By focusing on these relationships, security professionals can garner their support, which will make life so much easier. This is a long-term effort, but it might be the biggest contributor to a security team’s satisfaction.

Finally, teams should always finish what they start before moving on to the next project. I’ve seen way too many ‘security projects’ that never seem to be finished. For example, you get new software installed, but between scope creep, tuning and impact to users, valuable resources remain focused on the project for far too long. Better planning can do much to help solve this issue, but security leadership must also define when the job is done and what is considered good enough.

Luke Dash, CEO, ISMS.online:

As cybersecurity regulations continue to grow in number and complexity, many organisations find themselves struggling to keep up. In fact, according to a recent survey by ISMS.online, over the past year, more than 99% of UK businesses have incurred fines for data breaches or violation of data protection rules. The increasing demands of adhering to multiple standards can quickly become overwhelming, often leading to burnout among staff tasked with ensuring compliance, particularly when teams are balancing day-to-day operations alongside audit preparations.

The research also found that compliance processes can be demanding and time-consuming, with over 65% citing that it took between 6 and 18 months to meet compliance with GDPR alone. Similarly, 60% took the same length of time to comply with NIST and ISO 27701, and 57% struggled to meet ISO 27001 and The Privacy Act, needing as much as 18 months to do so.

These are just a few of the myriad pieces of legislation that businesses are facing, along with the resulting regulatory fines for non-compliance.

The constant pressure to keep up with evolving threats and regulations, the complexities of protecting sensitive data, and the sheer volume of responsibilities placed on cybersecurity professionals create a stressful, high-stakes environment. Many teams feel overburdened, under-resourced and faced with ever-increasing workloads, leading to exhaustion and disengagement.

A Gartner study highlights the severity of the issue, predicting that nearly half of cybersecurity leaders will change jobs by 2025, with 25% leaving the industry entirely due to workplace stress. This exodus will only exacerbate the existing skills gap, making it even harder for organisations to attract and retain top talent. As cybersecurity threats evolve and regulatory demands grow more complex, professionals are often stuck in a reactive cycle, struggling to stay ahead of risks while also meeting stringent compliance standards.

Without sufficient support, resources or work/life balance, burnout becomes inevitable. Addressing this issue is crucial not just for individual wellbeing but for the stability and security of the business as a whole.

To tackle this challenge effectively, organisations should consider a more streamlined approach to compliance management. Rather than treating each regulation as an isolated requirement, adopting an integrated system that aligns various frameworks can significantly reduce duplication of effort. Leveraging technology that automates key processes, such as tracking regulatory updates, generating reports and maintaining evidence, can also ease the pressure on teams and ensure nothing falls through the cracks.

By focusing on proactive planning and ongoing monitoring, rather than last-minute audit preparation, organisations can stay ahead of their compliance obligations without the stress of scrambling to meet deadlines. This approach not only prevents burnout but also mitigates the fear of failing audits and ensures that cybersecurity standards are met.

Richard Ford, CTO, Integrity360:

The pressures of maintaining a real-time view of cybersecurity and responding to incidents are taking their toll on CISOs and their teams. Many find themselves in a constant firefight, tackling one threat after another, which leaves little room for strategic planning or innovation. This endless cycle can significantly impact not only team productivity but also employee wellbeing, leading to burnout.

Human beings, no matter how skilled, cannot sustain high levels of productivity under relentless stress. Early signs of burnout, such as apathy or disengagement, often appear before full-blown exhaustion hits. For CISOs and cybersecurity professionals, the risk of burnout is particularly high. They are expected to manage highly technical challenges and translate these issues into understandable actions for other departments. This dual role can be mentally taxing, leading even the most talented employees to seek better work/life balance elsewhere.

Without addressing these issues, organisations risk losing key talent, and with average CISO tenure hovering around just 26 months, the turnover costs can be significant. As the demand for skilled professionals far outpaces the available talent, keeping hold of skilled employees is critical. Integrity360 addresses this by providing businesses with access to specialists who find, vet and interview personnel to fill critical roles and seamlessly integrate into existing teams. This reduces the strain of finding and training new staff, allowing organisations to focus on core tasks while ensuring that cybersecurity needs are handled by experts aligned with the company culture and objectives. Bringing in specialised talent tailored to your project needs helps reduce workloads, fill the skills gap and keep businesses secure without overburdening the IT/SOC teams.

Addressing burnout requires both structural changes and targeted investments. One area where organisations can make an immediate impact is by simplifying and automating their cybersecurity operations. According to a Ponemon Institute/FireEye study, 86% of high-performing companies rated their Managed Security Service Providers (MSSPs) as highly effective, compared to only 51% of the overall sample. Outsourcing certain security functions through MSSPs can relieve the burden on in-house teams, allowing them to focus on critical tasks rather than constant firefighting.

Another critical step is embracing automation through tools like Managed Detection and Response (MDR) and Security Orchestration, Automation, and Response (SOAR). These technologies help automate the collection, triaging and analysis of threat data, reducing the time and effort required for manual monitoring. This can significantly decrease the volume of false positives that contribute to alert fatigue, a leading cause of burnout.

By automating threat detection and response, companies can free up their security teams to focus on higher-value tasks that contribute directly to business goals, rather than repetitive, manual work. This shift not only improves the overall efficiency of security operations but also helps reduce the stress that leads to burnout.

CISOs must prioritise a balanced approach to security, one that focuses on skilled employees, automation, managed services and realistic expectations around incident response. By doing so, they can enhance productivity, improve employee morale and safeguard their organisations against both cyberthreats and employee burnout.

Intelligent CXO