NCSC concerned for UK cyber experts burning out over Russia-Ukraine cyber war

Mockup of the the NCSC's official web page
(Image credit: Shutterstock)

The UK’s National Cyber Security Centre (NCSC) has issued guidance to information security teams on how to maintain strong digital defences amid an “extended period of heightened threat”.

It comes as the organisation’s concerns grow over the well-being of the nation’s cyber practitioners who are having to keep resilient cyber defences as a result of the ongoing kinetic and cyber war between Russia and Ukraine.

The cyber authority has listed several measures UK businesses and organisations can take to ensure their security experts remain happy, healthy, functional, and efficient throughout the period of ongoing conflict.

The first is to ‘get the basics right’ - ensuring the basic cyber hygiene controls within a business are enabled. These include checking for software patches, verifying access controls, and enabling comprehensive logging and monitoring systems. The full list of ‘basics’ is laid out in a separate NCSC article.

Many organisations took risk-based decisions at the start of the conflict to introduce additional temporary defences. Now that the conflict appears to be a long-term threat, these decisions should be revisited to ensure the security environment is equipped for battle in the long term.

Re-assessing the workloads of every member of the team should also be considered, the NCSC said. To free up space for leaders to tackle other priorities, it could be effective to empower frontline staff to take on additional decision-making responsibilities, and could even lead to more agile responses that are informed by the experiences of those on the front line.

Additional responsibilities should be weighed evenly throughout the wider team though, to prevent burnout and increase development opportunities for all involved.

Taking regular breaks and encouraging staff to lean on each other for emotional support, providing they feel comfortable doing so, are also advisable strategies to manage the prolonged period of conflict, said the NCSC.

What are the NCSC’s main concerns?

The IT industry is steeped in notoriety for the prevalent burnout experienced by workers across many branches of the industry and the NCSC said there is an increased risk of cyber professionals suffering from the condition.

Longer hours, taking fewer breaks, and dealing with additional threat vectors on top of the usual adversarial threats that are expected in the cyber security industry are all contributing to increased workload across teams.


Securing endpoints amid new threats

Ensuring employees have the flexibility and security to work remotely


Some staff are also involved in round-the-clock monitoring or being required to be on-call for emergencies which can limit the ‘downtime’ they can enjoy away from work. By promoting a work culture that encourages breaks and rest, rather than a total focus on work and preparedness, is one way cyber security teams can manage the prolonged workload brought by the ongoing cyber war.

“Cyber security teams were already under mounting pressure in the months leading up to the invasion of Ukraine: handling a global pandemic, a rise in ransomware attacks and the Log4j vulnerability, alongside the usual levels of ongoing malign cyber activity,” the NCSC said.

“These extended periods of intense pressure on cyber security teams raise the risk of poor wellbeing and even burnout, with a potential associated rise in unsafe behaviours and errors. Staff welfare is a critical component of an organisation’s security and resilience.”

What is an extended period of heightened threat?

Cyber security is an often unrelenting role that requires high levels of vigilance at all times. The number of cyber security threats faced by businesses continues to rise each year and the ongoing cyber war between Russia and Ukraine is presenting additional requirements for the job.

An extended period of heightened threat typically involves two phases, the NCSC said: an acute phase where organisations scramble to implement temporary defences at the start of a conflict and a protracted phase when a strengthened security posture should be maintained as conflict continues.

The UK is now in the protracted phase which is where the complications and concerns over experts’ welfare have become increased.

“Over time, the cyber threat may come down again, but it is unlikely to return to the previous baseline,” said the NCSC.

“Organisations might maintain aspects of their strengthened posture for the long term, in response to a changed threat landscape. The NCSC will continue to issue guidance to help organisations assess the level of the cyber threat.”

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.