UK cybersecurity workers are burning out faster than ever due to rising operational pressure, growing risk complexity, and heightened board expectations.
That’s according to a new report from Bitsight which found security practitioners across the UK are struggling more than international counterparts.
The study found that while British organizations are leading in areas such as risk monitoring - 43% continuously monitor their third-party relationships for cyber risk, compared with 33% worldwide - many still struggle to convert that data into actionable insights.
Fewer than one-in-five UK organizations can translate their data into intelligence that drives real-time decision making or informs board-level reporting, the company found.
Only 20% consider their cyber risk management practices to be 'very mature', and just 29% report having a formal cyber risk program that's well aligned with business priorities.
These challenges come amidst a period of intense legislative requirements, the study noted, with NIS2 and DORA placing higher demands on organizations and security teams alike.
Yet despite this, only 21% of UK respondents cited compliance reporting and auditing as a top priority for 2025.
“In today’s post-NIS landscape, continuous monitoring is no longer a competitive edge - it’s a compliance expectation," said Stephen Boyer, chief innovation officer at Bitsight.
"But without the intelligence to interpret what that data means for the business, it’s just noise. UK security teams need clarity, not complexity, to make confident decisions - and that starts with risk teams turning data into actionable insight.”
What's stressing out cybersecurity workers?
All this is leading to high levels of burnout, researchers found, with UK practitioners reporting work-related stress at a far higher rate than global counterparts.
More than half (59%) of UK cyber workers said they’ve experienced symptoms of stress or exhaustion compared with 47% globally.
Bitsight claimed companies lacking continuous visibility into their environments are up to 30% more likely to suffer staff burnout due to manual processes and the fact they’re putting out fires regularly.
Poor interdepartmental communication, however, is among the biggest causes of stress, the study found - especially between cyber teams and executive leadership.
While fewer than a third of organizations globally reported difficulties translating cybersecurity data into business risk terms, 52% of UK organizations reported the same.
This, they said, is making it harder to secure board engagement and funding for critical investments, thereby compounding operational challenges and placing more strain on teams.
Of those that said they do a somewhat poor or very poor job at communicating risk, 42% blamed this on inadequate security knowledge at the board level.
Contextualizing risk for board members is a long-running challenge encountered by cybersecurity practitioners. Bitsight’s report noted that arming workers with actionable insights plays a crucial role in helping explain risk and potential threats to executives.
Nearly three-quarters (72%) of the high achievers in cyber visibility achieved excellence in risk communication, while just 28% of all respondents did the same.
“Visibility alone is no longer enough," said Boyer. "Cyber risk intelligence - blending asset discovery, threat telemetry, and business context - is now essential for UK organizations seeking to move from reactive postures to proactive, intelligence-led strategies.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
UK software developers are still cautious about AI, and for good reasonNews Experts say developers are “right to take their time” with AI coding solutions given they still remain a nascent tool
-
Enterprises can’t keep a lid on surging cyber incident costs
News With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a realityNews DDoS attackers are flocking to AI tools and solutions to power increasingly devastating attacks
-
Microsoft issues warning over “opportunistic” cyber criminals targeting big businessNews Microsoft has called on governments to do more to support organizations
-
Europol takes down SIM farm network that scammed thousands of victimsNews The sophisticated operation led to crimes from simple phishing to investment fraud
