Surging cyber threats exacerbating security staff burnout

Stressed and exhausted office worker sits behind desk at night in a darkened room
(Image credit: Getty Images)

Burnout among senior cyber security professionals is being exacerbated by surging cyber attack levels, according to new research. 

A survey from CyberArk suggests that heightened security threats are affecting practitioners’ ability to carry out their roles effectively, with nearly two-thirds struggling to contend with growing workloads. 

More than two-thirds of C-suite executives also believe burnout is being impacted by heightened threat levels, which is affecting their ability to make critical, high level decisions. 

The strain placed on senior security personnel runs in parallel with a surge in attacks in recent months. CyberArk research found more than 80% of organizations have experienced an attempted ransomware attack across 2023, marking an increase on the year previous. 

David Higgins, senior director, field technology office at CyberArk said the growing burnout rate among security practitioners raises serious concerns about their ability to contend with growing threats. 

"The ability to monitor for interference in an organization’s tech infrastructure and shifts in the threat landscape is integral to every security professional’s role, given the fast-paced and impactful nature of cyberattacks," he said. 

"Burnout is alarming in that context, because it impairs the ability to defend their organization. One wrong decision or missed signal can open the door to reputational and monetary damage for an organization."

Security practitioner stress

The report marks the latest warning about rocketing levels of stress in the cyber security industry, with a recent study from the Chartered Institute of Information Security (CIISec) finding nearly a quarter of security practitioners work more than 48 hours per week.

Research from Gartner in early 2023 found that nearly half of security leaders could switch careers by 2025 due to what the consultancy described as “unsustainable levels of stress”.

The predicted stress-related exodus comes amid a critical period for talent retention in the broader security industry. 

A report this week from ISC2 found the global shortage of cyber security professionals stood at 3.4 million last year, compared with a total cyber workforce of 4.7 million.

Respondents told ISC2 they were most concerned about skills gaps, cuts to their teams and an increased workload. 

CyberArk’s research aligns with current predictions on talent retention. The firm found more than six in ten cyber security professionals believe ‘regular’ employee churn over the next 12 months will also cause security issues. 


Magic Quadrant study of the Cloud AI Developer Services (CAIDS) market

(Image credit: IBM)

Magic Quadrant for Cloud AI Developer Services

Discover how the cloud AI development market is expected to evolve and how vendors are meeting the needs of end-users


Similarly, nearly one-third said cyber security skills gaps hinder security defenses.

"Employee burnout affecting cybersecurity teams needs to be addressed – and fast – if organizations want to keep their cyber defenses watertight," says Higgins. 

"Above all, directly addressing ongoing threats – whether from internal or external sources – requires a workforce that is mentally, physically and technically equipped to keep attacks at bay. And that should be an absolute priority."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.