Your cybersecurity staff are burned out - and many have thought about quitting

Cybersecurity is stressful work. For many, it's taking a toll. And that could be bad for everyone.
Written by Danny Palmer, Senior Writer

A man looking tired and stressed out while sitting at his computer.

Image: Getty/PeopleImages

Cybersecurity staff are feeling burnout and stressed to the extent that many are considering leaving their jobs. 

According to research by VMware, 47% of cybersecurity incident responders say they've experienced burnout or extreme stress over the past 12 months.  

While that's slightly down compared with 51% the previous year, unsurprisingly the percentage of people who say the stress of working in cybersecurity has made them think about leaving their jobs has slightly increased. 

Of this group, 69% say stress and burnout has resulted in them considering their position, compared with 65% in 2021. 

Cybersecurity can be stressful work; not only do staff need to stay on top of threats posed by cyber criminals, ransomware gangs and even nation-state sponsored hacking campaigns, they also need to ensure their users are equipped with the right tools needed to stay safe – often while working with a restricted cybersecurity budget and a wider team who don't always understand what they do.

On top of that, there's also the challenge of managing security vulnerabilities, particularly when significant new zero-day exploits emerge and get used by hackers – according to the survey, 62% of respondents encountered a zero-day exploit in the last 12 months, compared to 51% during the previous year. 

Meanwhile, two thirds said the number of cyber attacks has increased since Russia's invasion of Ukraine – something which cybersecurity agencies warned was a possibility when the war started.   

SEE: A winning strategy for cybersecurity (ZDNET special report) 

And all of this is happening while many cybersecurity teams are still dealing with the shift towards hybrid working, which while beneficial for many, also brings additional cybersecurity challenges which criminals will attempt to exploit. 

If these pressures are pushing cybersecurity employees away from their jobs, that could have negative repercussions for everyone because fewer cybersecurity staff means it could make it easier for cyber criminals to breach networks – and remain inside them without being detected.  

In order to help combat burnout, many businesses are implementing strategies designed to help cybersecurity personnel manage the balance between their work life and their home life.  According to 72% of respondents, the most helpful one of these is flexible hours, while investment in further education and access to therapy and coaching are also listed as helpful. 

"Broadly speaking, companies are taking the right steps when it comes to easing burnout among cybersecurity professionals," said Rick McElroy, principal cybersecurity strategist at VMware 

"But solving this issue isn't a simple, one-time fix. Now is the time to really double down on wellness efforts, such as flexible hours, more education, and coaching and therapy," he added. 


Editorial standards