68% of security professionals in Europe are experiencing burnout, with 32% experiencing high burnout levels and 36% experiencing a moderate degree. The UK is particularly affected, with 40% of respondents reporting high stress levels.
Criminals seem to recognise the opportunity this overwhelm presents to them as 80% of respondents say that IT/Security are the departments most likely to be targeted within their company, far ahead of Finance (32%) or Sales (20%).
The numbers come from SoSafe’s 2024 Human Risk Review on the current cyber threat landscape and corporate security culture. The report uses responses from more than 1,250 security leaders in Western Europe, along with 3.2 million data points from the SoSafe awareness and human risk management platform.
Understanding the key drivers of burnout in cybersecurity
In the fast-paced world of cybersecurity, burnout is becoming alarmingly common. Key factors driving this trend include a high-pressure environment, cited by 33% of respondents, and long hours or overtime, reported by 29%. Additionally, 28% of professionals point to excessive workloads, while 25% are caught in constant firefighting. These stressors are further intensified by the rising cyber risks that are contributing to burnout, driven by factors such as new technologies like generative AI, which 84% of professionals view as a concern; global instability, with 77% acknowledging increased risks due to geopolitical factors; and the growing concern over supply chain security, highlighted by 85% of respondents.
A further 24% highlight insufficient staffing as a significant stressor, which is exacerbated by the broader industry-wide shortage of professionals: According to ISC2’s 2023 Workforce Study, the cybersecurity sector is facing an unprecedented shortage, with approximately 274,000 unfilled positions in the EU alone. Globally, around 3.9 million cybersecurity roles remain vacant, with 29% more workers needed to bridge this gap.
Andrew Rose, Chief Security Officer at SoSafe, himself was affected by burnout several years ago and still remembers a very stressful time: “Burnout crept up on me slowly, fueled by the constant pressure to do more, cut costs, and never fail. I thought this stress was just part of the job as a leader until I started experiencing cognitive, emotional, and physical symptoms from the overload. When I finally spoke up, the response from my manager was disappointing, and without support, I made the difficult decision to resign. Not everyone has that option, and that’s why it’s crucial to recognise the signs early, speak up, and seek support. As leaders, teammates and partners, it’s essential we foster environments where stress is addressed proactively, not ignored.”
Addressing burnout with human-first security practices
Burnout doesn’t just take a heavy toll on the mental and physical health of individuals; it also poses a significant risk to organisations: Increased stress and burnout often lead to mistakes and overlooked security alerts, with 83% of IT security professionals acknowledging that burnout has caused errors in their department, resulting in security breaches.
“Given the challenges that security teams are facing, it’s crucial to adopt solutions that not only automate their tasks efficiently but also ensure sustainable risk reduction,” said Dr. Niklas Hellemann, psychologist and CEO of SoSafe. “To achieve this, companies must actively involve their employees, who are the most versatile part of their security strategies. The focus should be on changing behaviors rather than merely transmitting knowledge, as this is key to creating a resilient cybersecurity culture.”
Organisations are increasingly recognising the importance of these measures, with 89% of security leaders emphasising the need to build a strong security culture. Nearly every organisation (99%) report that senior executives and board members are actively involved in cybersecurity governance and decision-making. Moreover, 3 out of 5 organisations have increased their cybersecurity budgets in the last two years. However, the alarming burnout data highlights that while progress is being made- in terms of the Exec support and budget that CISOs have sought for years – there is still a long way to go to fully address the pressures and challenges faced by security professionals.
