UK cybersecurity workers are burning out faster than ever due to rising operational pressure, growing risk complexity, and heightened board expectations.
That’s according to a new report from Bitsight which found security practitioners across the UK are struggling more than international counterparts.
The study found that while British organizations are leading in areas such as risk monitoring - 43% continuously monitor their third-party relationships for cyber risk, compared with 33% worldwide - many still struggle to convert that data into actionable insights.
Fewer than one-in-five UK organizations can translate their data into intelligence that drives real-time decision making or informs board-level reporting, the company found.
Only 20% consider their cyber risk management practices to be 'very mature', and just 29% report having a formal cyber risk program that's well aligned with business priorities.
These challenges come amidst a period of intense legislative requirements, the study noted, with NIS2 and DORA placing higher demands on organizations and security teams alike.
Yet despite this, only 21% of UK respondents cited compliance reporting and auditing as a top priority for 2025.
“In today’s post-NIS landscape, continuous monitoring is no longer a competitive edge - it’s a compliance expectation," said Stephen Boyer, chief innovation officer at Bitsight.
"But without the intelligence to interpret what that data means for the business, it’s just noise. UK security teams need clarity, not complexity, to make confident decisions - and that starts with risk teams turning data into actionable insight.”
What's stressing out cybersecurity workers?
All this is leading to high levels of burnout, researchers found, with UK practitioners reporting work-related stress at a far higher rate than global counterparts.
More than half (59%) of UK cyber workers said they’ve experienced symptoms of stress or exhaustion compared with 47% globally.
Bitsight claimed companies lacking continuous visibility into their environments are up to 30% more likely to suffer staff burnout due to manual processes and the fact they’re putting out fires regularly.
Poor interdepartmental communication, however, is among the biggest causes of stress, the study found - especially between cyber teams and executive leadership.
While fewer than a third of organizations globally reported difficulties translating cybersecurity data into business risk terms, 52% of UK organizations reported the same.
This, they said, is making it harder to secure board engagement and funding for critical investments, thereby compounding operational challenges and placing more strain on teams.
Of those that said they do a somewhat poor or very poor job at communicating risk, 42% blamed this on inadequate security knowledge at the board level.
Contextualizing risk for board members is a long-running challenge encountered by cybersecurity practitioners. Bitsight’s report noted that arming workers with actionable insights plays a crucial role in helping explain risk and potential threats to executives.
Nearly three-quarters (72%) of the high achievers in cyber visibility achieved excellence in risk communication, while just 28% of all respondents did the same.
“Visibility alone is no longer enough," said Boyer. "Cyber risk intelligence - blending asset discovery, threat telemetry, and business context - is now essential for UK organizations seeking to move from reactive postures to proactive, intelligence-led strategies.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
