UK cybersecurity workers are burning out faster than ever due to rising operational pressure, growing risk complexity, and heightened board expectations.
That’s according to a new report from Bitsight which found security practitioners across the UK are struggling more than international counterparts.
The study found that while British organizations are leading in areas such as risk monitoring - 43% continuously monitor their third-party relationships for cyber risk, compared with 33% worldwide - many still struggle to convert that data into actionable insights.
Fewer than one-in-five UK organizations can translate their data into intelligence that drives real-time decision making or informs board-level reporting, the company found.
Only 20% consider their cyber risk management practices to be 'very mature', and just 29% report having a formal cyber risk program that's well aligned with business priorities.
These challenges come amidst a period of intense legislative requirements, the study noted, with NIS2 and DORA placing higher demands on organizations and security teams alike.
Yet despite this, only 21% of UK respondents cited compliance reporting and auditing as a top priority for 2025.
“In today’s post-NIS landscape, continuous monitoring is no longer a competitive edge - it’s a compliance expectation," said Stephen Boyer, chief innovation officer at Bitsight.
"But without the intelligence to interpret what that data means for the business, it’s just noise. UK security teams need clarity, not complexity, to make confident decisions - and that starts with risk teams turning data into actionable insight.”
What's stressing out cybersecurity workers?
All this is leading to high levels of burnout, researchers found, with UK practitioners reporting work-related stress at a far higher rate than global counterparts.
More than half (59%) of UK cyber workers said they’ve experienced symptoms of stress or exhaustion compared with 47% globally.
Bitsight claimed companies lacking continuous visibility into their environments are up to 30% more likely to suffer staff burnout due to manual processes and the fact they’re putting out fires regularly.
Poor interdepartmental communication, however, is among the biggest causes of stress, the study found - especially between cyber teams and executive leadership.
While fewer than a third of organizations globally reported difficulties translating cybersecurity data into business risk terms, 52% of UK organizations reported the same.
This, they said, is making it harder to secure board engagement and funding for critical investments, thereby compounding operational challenges and placing more strain on teams.
Of those that said they do a somewhat poor or very poor job at communicating risk, 42% blamed this on inadequate security knowledge at the board level.
Contextualizing risk for board members is a long-running challenge encountered by cybersecurity practitioners. Bitsight’s report noted that arming workers with actionable insights plays a crucial role in helping explain risk and potential threats to executives.
Nearly three-quarters (72%) of the high achievers in cyber visibility achieved excellence in risk communication, while just 28% of all respondents did the same.
“Visibility alone is no longer enough," said Boyer. "Cyber risk intelligence - blending asset discovery, threat telemetry, and business context - is now essential for UK organizations seeking to move from reactive postures to proactive, intelligence-led strategies.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Is all-photonics the future of networking?ITPro Podcast Using light to transmit data rather than relying on electronic components could slash latency
-
The honeymoon period is officially over for Microsoft and OpenAIAnalysis Microsoft and OpenAI are slowly drifting apart as both forge closer ties with respective rivals and reevaluate their long-running partnership.
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last yearNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
-
LNER warns customers to remain vigilant after personal data exposed in cyber attackNews LNER has warned customers to remain vigilant for social engineering attacks after a cyber attack on the rail operator exposed personal data.
-
Jaguar Land Rover u-turns on cyber attack containment claims, admits ‘some data has been affected’News Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which severely disrupted production.
-
Everything we know about the Plex data breach so farNews Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countriesNews The Salt Typhoon hacker group has waged several major campaigns against US telecoms companies and critical infrastructure operators – now it's ramping up attacks globally.
-
Salesloft Drift hackers had access to company GitHub account for months before attacksNews Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.
