Are Cyber Security Professionals Burning Out?

Published
25 Nov 2019

25 Nov 2019

Mental health and cyber security frequently feature in the same sentence. With stress often a concern, the industry has become witness to burnout at a staggering rate. Issues of fatigue and burnout, when coupled with the growing skills shortage and diversifying cybercrime landscape, have made the burden of burnout a daily concern for over half of cyber professionals globally.

Sixty-five percent of Cyber Security and IT professionals contemplate leaving their current role due to burnout, according to recent research by the Ponemon Institute, and constant stress has been linked as the core issue driving Chief Information Security Officers (CISOs) to leave their role after just eighteen to twenty-four months. Additional research by Nominet found nearly seventeen percent of these CISOs turn to alcohol or medication to deal with the intense stress brought by the job with a quarter of the 408 CISOs surveyed admitting to negative mental and physical health impacts. 

With high stress levels linked to underperformance and oversight, the struggle to “truly switch off” as one senior security figure defines it, is a major longevity issue in the cyber security industry. 


The Origin of Cyber Burnout   

At the core, cyber security professionals operate in crisis mode. They are witnessing first-hand cyber-attacks and many fear such attacks are a matter of when not if for their company. In fact, ninety percent of cyber security professionals feel stuck playing catch up, feeling the power is tipped in favour of the criminals rather than defenders. This all leads to long-term, relenting job stress. 

Global staffing shortages are a further burden for understaffed teams with departments of five unrealistically expected to fulfil the roles of ten to fifteen.  


Combating Burnout 

Championed mental wellbeing is crucial in addressing burnout and halting the diminishing cyber security candidate pool. Craig Hinkley, CEO of a major cyber security organisation, believes “it’s important for me to face these issues head-on by creating a culture of individual well-being and self-care...Support must come from many different areas, such as implementing counselling and stress-relief programs.” He further shared his company’s commitment to showing “team members that we care about them…by constantly making an effort to invest in their well-being.” 

From a practical standpoint, ensuring diverse leadership, enforcing realistic work schedules and considering external assistance are crucial precautionary steps.  

One-third of cyber security professionals feel their current workload is unmanageable. By sharing leadership responsibility, both the burden and workload is shared. In a role were daily tasks hold critical importance sharing this burden is the first step to elevating stress. This further leads into heightened performance and decreased human error.  

Real time screen breaks lead to a vigilant and rejuvenated team. Afterall, overworked and tired employees directly correlate to errors and oversight, which is a fast track to burnout.   

When juggling responsibilities, cyber professionals can find themselves forced to into tasks they are either unskilled or too time-poor to properly fulfil, adding another layer of stress. With forty-four percent of cyber security professionals believing they lack the skillset and resources for certain tasks, looking externally for certain cyber needs may be in a company’s best interest. 


The undeniable stress experienced by cyber security professionals is driving burnout rates skyward. With resourcing already an issue, companies wishing to retain their cyber security staff need to work harder to support their cyber department, increase retention and halt turnover.