• United States



UK Editor

Half of UK cybersecurity pros could quit in next 12 months due to burnout

Apr 25, 20233 mins
CareersCSO and CISOStaff Management

IT and security teams sense a breaking point with team members experiencing burnout, alert fatigue, and a negative impact on their work/life balance.

Closeup on stressed business woman with eyeglasses -- tension headache burnout

Most UK IT decision makers surveyed in new research think it’s likely that cybersecurity team members will quit the industry due to burnout in the next 12 months. This is driven by high levels of alert fatigue and a mostly reactive approach to security, according to a new report from business risk management firm Expel.

Expel surveyed 500 IT decision makes in the UK across a range of businesses of different sizes and sectors, including financial services, technology, healthcare, and government. It found that many IT teams sense a breaking point with team members experiencing burnout and a negative impact on their work/life balance.

Stress and burnout can be pervasive issues in many professions but are considered particularly rife in the cybersecurity sector due to its fast-moving, always-on, and high-risk nature. It has become a common topic of discussion within the industry as security leaders and organizations seek innovative ways to better recognize and address burnout and stress in their teams.

UK cybersecurity teams swamped by alerts, having to cancel personal commitments

UK IT and cybersecurity teams are being swamped by alerts, with 52% of respondents stating that that their team spends too much time dealing with unnecessary cybersecurity notifications, according to the UK cybersecurity landscape: challenges and opportunities report. This dynamic is expressing itself unhealthily – chiefly through alert fatigue, burnout, and staff turnover risks, the report said.

Almost all those surveyed (93%) said IT management and cybersecurity risk has forced them to cancel, delay, or interrupt personal commitments, with 34% doing so all or most of the time. Just under a third (61%) of respondents reported that they and/or their cybersecurity teams experienced burnout due to cybersecurity risk, with more than a third of IT/security team respondents stating that burnout happens regularly. Technology (79%) and financial services (69%) companies seem to be suffering the most from burnout.

More than half (52%) of UK IT decision makers think it’s either very likely or likely that burnout will force cybersecurity team members to leave the industry in the next 12 months.

How training and recognition can reduce cybersecurity stress and burnout

Cybersecurity professionals suffering from stress and burnout can be less productive, more prone to mistakes, and increasingly likely to quit. While there’s no quick fix for the stress and burnout cybersecurity teams often face, recognition of problem areas and access to training can alleviate the negative effects of job demands, improve employee well-being and job performance, and ultimately help address both issues.

The right type of training and recognition is key, but if this can be approached currently, it can help ensure that cybersecurity professionals have the necessary skills, professional resources, and support needed to manage their workload effectively.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author