IT teams are battling a surge in outages over missed critical alerts

IT workers are ignoring a torrent of false alerts, but there's a risk a legitimate one could slip through the net


Alert fatigue is fast becoming one of the most pressing challenges to operational resilience, new research suggests, and it's harming workforce morale.

According to Splunk’s State of Observability 2025, three-quarters (75%) of UK IT teams say they experienced outages as a result of an ignored or suppressed alert last year.

Meanwhile, 15% admitted to deliberately ignoring or suppressing alerts – higher than the global average of 13%.

The cacophony of alerts, legitimate or otherwise, that teams face on a daily basis is having a marked impact on both efficiency and morale, the study found. More than half (54%) of respondents said false alerts have a detrimental impact on this front.

The biggest cause of stress in the UK was tool sprawl, a major headache for 61%, followed by false alerts at 54%, and the sheer overall volume of alerts at 34%.

“IT teams are drowning in noise. Every day they’re hit with alerts, but without the right context or ownership, it’s almost impossible to know which ones really matter. This lack of clarity puts a lot of pressure on teams and slows response times,” said Petra Jenner, SVP and general manager, EMEA, at Splunk.

“When critical alerts get lost in that noise, organizations risk downtime and customer disruption, which can quickly translate into revenue loss and lasting reputational damage.”

Incident response ownership needs to improve

According to researchers, a large part of the problem lies in a lack of clear ownership in incident response. Just 21% of respondents said they regularly isolate incidents to a specific team, while 36% admit they rarely isolate them.

This, the study noted, shows a serious lack of maturity in incident response, increasing the risk that important security alerts are left unaddressed, leaving organizations more vulnerable to attacks and exposing them to avoidable breaches and downtime.

Splunk advised heightened efforts to bridge silos across teams and strengthen observability practices. When observability and security teams work more closely together, ownership is better defined and fewer alerts are missed.

In fact, 64% of global respondents reported that stronger collaboration between these functions reduces customer-impacting incidents.

Observability in the spotlight

In terms of tools, organizations should be seeking out observability solutions that accurately triage alerts, understand context, suggest clear remediation paths, and reduce the number of interfaces stressed teams are required to work with.

"To build resilience and combat alert fatigue, organisations need to consider the psychological wellbeing of their IT staff and ensure the tools they use genuinely support them," said Jenner.

"With the right systems in place, alongside better cross-departmental co-ordination, teams can act quickly, with confidence and avoid the pitfalls of alert fatigue."

Recent research from Arctic Wolf found that cyber criminals are aiming to increase pressure on security teams by timing their attacks for outside business hours, deliberately increasing alert fatigue.

More than half of the alerts recorded by security operations teams come in after most of the business has clocked out, with around 15% taking place on weekends.


Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.