UK cybersecurity workers are burning out faster than ever due to rising operational pressure, growing risk complexity, and heightened board expectations.
That’s according to a new report from Bitsight which found security practitioners across the UK are struggling more than international counterparts.
The study found that while British organizations are leading in areas such as risk monitoring - 43% continuously monitor their third-party relationships for cyber risk, compared with 33% worldwide - many still struggle to convert that data into actionable insights.
Fewer than one-in-five UK organizations can translate their data into intelligence that drives real-time decision making or informs board-level reporting, the company found.
Only 20% consider their cyber risk management practices to be 'very mature', and just 29% report having a formal cyber risk program that's well aligned with business priorities.
These challenges come amidst a period of intense legislative requirements, the study noted, with NIS2 and DORA placing higher demands on organizations and security teams alike.
Yet despite this, only 21% of UK respondents cited compliance reporting and auditing as a top priority for 2025.
“In today’s post-NIS landscape, continuous monitoring is no longer a competitive edge - it’s a compliance expectation," said Stephen Boyer, chief innovation officer at Bitsight.
"But without the intelligence to interpret what that data means for the business, it’s just noise. UK security teams need clarity, not complexity, to make confident decisions - and that starts with risk teams turning data into actionable insight.”
What's stressing out cybersecurity workers?
All this is leading to high levels of burnout, researchers found, with UK practitioners reporting work-related stress at a far higher rate than global counterparts.
More than half (59%) of UK cyber workers said they’ve experienced symptoms of stress or exhaustion compared with 47% globally.
Bitsight claimed companies lacking continuous visibility into their environments are up to 30% more likely to suffer staff burnout due to manual processes and the fact they’re putting out fires regularly.
Poor interdepartmental communication, however, is among the biggest causes of stress, the study found - especially between cyber teams and executive leadership.
While fewer than a third of organizations globally reported difficulties translating cybersecurity data into business risk terms, 52% of UK organizations reported the same.
This, they said, is making it harder to secure board engagement and funding for critical investments, thereby compounding operational challenges and placing more strain on teams.
Of those that said they do a somewhat poor or very poor job at communicating risk, 42% blamed this on inadequate security knowledge at the board level.
Contextualizing risk for board members is a long-running challenge encountered by cybersecurity practitioners. Bitsight’s report noted that arming workers with actionable insights plays a crucial role in helping explain risk and potential threats to executives.
Nearly three-quarters (72%) of the high achievers in cyber visibility achieved excellence in risk communication, while just 28% of all respondents did the same.
“Visibility alone is no longer enough," said Boyer. "Cyber risk intelligence - blending asset discovery, threat telemetry, and business context - is now essential for UK organizations seeking to move from reactive postures to proactive, intelligence-led strategies.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Global cybersecurity spending is going to hit $213 billion in 2025News Spending across major fronts comes in the wake of rising cloud security threats and growing skills gaps
-
Cloud confusion: Why can't we say what we mean?Industry Insights Cloud jargon creates confusion, risking security gaps and business vulnerabilities in organizations
-
Global cybersecurity spending is going to hit $213 billion in 2025 — here's what’s driving investment
News Spending across major fronts comes in the wake of rising cloud security threats and growing skills gaps
-
A flaw in Google’s new Gemini CLI tool could’ve allowed hackers to exfiltrate dataNews The company has moved to fix a vulnerability that allowed the execution of malicious code
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
Everything we know about the Allianz Life data breach so farNews The company has confirmed in a filing that data was accessed earlier this month
-
ExpressVPN updates Windows app to fix vulnerabilityNews The flaw was reported through ExpressVPN's bug bounty program
-
NCSC says ‘limited number’ of UK firms affected by SharePoint attack as global impact spreadsNews The SharePoint flaw has already had a wide impact according to reports from government security agencies
-
New hires are your weakest link when it comes to phishing attacks – here's how you can build a strong security culture that doesn't judge victimsNews Research from Keepnet shows new hires are far more likely to fall for phishing attacks – here's how you can improve security awareness during onboarding processes.
-
IT leaders are facing major work device blind spots – and it's putting security at riskNews The use of unauthorized devices is putting enterprises at huge risk
