As workloads continue to grow in response to ever-evolving cyber threats, UK cybersecurity professionals are increasingly struggling with burnout, according to 2023 research from CyberArk, .
The study found that burnout has impacted the ability to do their job effectively for over half (59%) of security professionals, even as the volume of cyberattacks continues to escalate and cause damage. In the past 12 months 80% of UK organisations have experienced a ransomware attack – up from 70% last year - and 47% of those affected have paid a ransom at least twice to allow recovery.
Security teams are often asked to work long hours to protect against cyber threats, despite budgets and available resources continuing to shrink due to economic pressures. It’s therefore more important than ever for them to be performing at the optimum level, but CyberArk’s research suggests burnout could be hampering those efforts. With 66% of those experiencing it serving as c-level executives – senior decision makers who are directly responsible for organisation’s cyber defence mechanisms – these findings are cause for significant concern.
“The ability to monitor for interference in an organisation’s tech infrastructure and shifts in the threat landscape is integral to every security professional’s role, given the fast-paced and impactful nature of cyberattacks,” said David Higgins, Senior Director, Field Technology Office at CyberArk. “Burnout is alarming in that context, because it impairs the ability to defend their organisation. One wrong decision or missed signal can open the door to reputational and monetary damage for an organisation.”
This rise in burnout is an even bigger concern in the context of ongoing increases turnover and talent shortage in the industry. Last year, the global shortage of cybersecurity professionals stood at 3.4 million, compared with a total cyber workforce of 4.7 million, according to research by ISC2, an association for cyber security professionals. Employees affected by burnout may choose to move on to other opportunities or take a step back from their work to help improve their wellbeing. In security, that means reduced numbers of expert personnel and heightened levels of vulnerability for their employer. According to CyberArk’s research, 61% of cyber security professionals believe that ‘regular’ employee churn/ turnover in the next 12 months will also cause security issues.
Commenting on the findings, Higgins added: “Employee burnout affecting cybersecurity teams needs to be addressed – and fast – if organisations want to keep their cyber defences watertight. Using AI and technology tools can boost proactive defences and also help alleviate ‘low level’ workloads, for example automating threat detection and response or to support identity risk analysis. Automation can mean practitioners are better able to focus on more meaningful tasks. But above all, directly addressing ongoing threats – whether from internal or external sources – requires a workforce that is mentally, physically and technically equipped to keep attacks at bay. And that should be an absolute priority.”