Cyber security professionals are exhausted, and it's putting firms at greater risk of attack

Stressed and exhausted office worker sits behind desk at night in a darkened room
(Image credit: Getty Images)

An epidemic of stress among cyber security professionals is putting organizations at a greater risk of cyber attack, according to a new report.

A survey of 500 UK cyber security professionals by security firm Adarma found that just over half of organizations believe their security operations staff are challenged, stressed, frustrated or exhausted.

Some said they were burnt out and ready to quit, and that it’s only a matter of time before mistakes are made.

"The pressure is high and security teams are often understaffed, so it is understandable that many cyber security professionals are reporting frustration, burnout, and unsustainable stress," said John Maynard, Adarma’s CEO.

"As a result, the potential for mistakes being made that will negatively impact an organization increases. Business leaders should identify opportunities to ease these gaps, so that their teams can focus on the main task at hand, protecting the organization."

More than four-in-ten cyber security leaders said they have limited capabilities and expertise to fully understand the threats they face, while a further 43% said they had some, little, or no capabilities or expertise to detect and respond to potential threats in their IT environments.

One-in-four added they have limited capability or expertise to respond effectively to an incident at all.

Meanwhile, 28% of cyber security professionals believe that their capacity for innovation is limited, with 60% citing the skills shortage as a major reason for being held back.

According to Maynard, a lack of diversity in the cyber security workforce is restricting recruitment, and thereby exacerbating the problem.

"By diversifying the talent pool, new ideas flow and various perspectives can pave the way for innovation. Exploring non-traditional recruitment paths will help to further widen that talent pool by making careers in cyber security more accessible to a broader range of candidates," he said.

"This could go a long way to easing the burden on overworked security teams, while also providing opportunity for growth. Indeed, the well-being of the entire workforce, including the security department, must be prioritized and requires the right balance of reliance on technology and people."

Employee stress in cyber security is rampant

Adarma’s report is the latest in a slew of studies to highlight the growing issue of stress, anxiety, and mental health-related problems plaguing cyber security practitioners globally. 

In early November, a study from Centripetal revealed that the vast majority of cyber security professionals find their personal lives are disrupted by work outside of office hours.

Almost one-fifth of employees said they were working more than eight hours' worth of unpaid overtime per week, and almost a third said their lives were interrupted by work every night.


Colleagues in a tech lab all looking at a laptop

(Image credit: Trend Micro)

Supply chain as kill chain

Learn more about the effect ZTA has on security management


A similar report on the topic from CyberArk also found that work-related stress is being exacerbated by heightened threat levels, with nearly two-thirds of senior cyber security professionals struggling to contend with their growing responsibilities.

More than 80% of organizations have experienced an attempted ransomware attack over the last year, according to the research, and practitioners are becoming increasingly strained in an attempt to contend with escalating threats.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.