“`html
Tony’s burnout, leading to a leave of absence from his cybersecurity awareness role at a major UK e-commerce firm last year, was the culmination of sustained pressure.
“Many of us in cyber security are deeply invested in our work. There’s a strong element of dedication involved,” he stated.
He recounted increasing difficulty sleeping and reluctance to go to the office.
Tony, who requested anonymity, recalls the Wannacry ransomware attack in 2017. “It was a Friday when news broke on the BBC.”
The security team convened that evening, ultimately deciding to disconnect every device from the network.
“I came offline on Sunday afternoon,” he recounts.
He clarified that the firm was not directly affected. “It was purely precautionary.”
Tony observes this pattern recurring across organizations endeavoring to defend against the Scattered Spider attacks that have recently targeted retailers and other businesses.
Furthermore, he noted, “I can’t even imagine what the teams at Co-op and M&S have endured.”
Andrew Tillman, former head of cyber risk and assurance for the UK’s Health Security Agency, cautions, “If you suspect you might be experiencing burnout, you’re likely already well on your way.”
He acknowledged that cybersecurity can be “the best job in the world” at times, but “it can be a challenging environment when things become difficult.”
Mr. Tillman himself experienced periods of burnout during his four years at the agency.
Data from ISC2, the membership organization for cybersecurity professionals, underscores this stress.
Their annual Workforce Study revealed a 66% job satisfaction rate in 2024, a decline of four percentage points from the previous year.
ISC2’s chief information security officer, Jon France, identified burnout as a “significant issue” within the sector.
He noted that professionals are increasingly being asked “to do more with less,” exacerbating stress and dissatisfaction.
“Cyber professionals rarely work nine to five,” he stated, “Even when they do, they remain on call because threat actors operate outside of standard business hours.”
A contributing factor is the increased aggression of hackers, who are now prepared to target critical national infrastructure or disrupt healthcare organizations with ransomware.
Furthermore, state-sponsored hackers are responsible for an increasing number of attacks aimed at espionage, intellectual property theft, misinformation campaigns, disruption, or financial gain.
North Korean hackers, for instance, have become more active and adept at cybercrime.
Earlier this year, hackers believed to be associated with the North Korean regime reportedly stole $1.5 billion (£1.1 billion) in digital tokens from the crypto exchange ByBit.
US officials estimate that cyber theft accounts for approximately half of North Korea’s foreign currency acquisition .
As private and public sector organizations digitize more of their operations, the potential consequences of a cyberattack or data breach become increasingly severe.
Mr. Tillman stated, “There’s always a conscious awareness of the potential impact on individuals—their jobs, their livelihoods—if something goes wrong.”
Lisa Ackerman, former deputy chief information security officer (CISO) at GSK and CISO Council strategic lead at Cybermindz, a non-profit organization focused on addressing burnout in cybersecurity, notes that staff turnover is particularly high in entry-level positions.
The constant stream of alerts from warning systems can further exacerbate the issue, presenting professionals with an overwhelming amount of data to analyze.
This can be particularly challenging for younger professionals in frontline roles and security operations centers.
However, Mr. Tillman emphasized that non-frontline roles are not immune.
Managing risk and ensuring compliance with regulations can be difficult when other teams are eager to deploy new applications or services without fully considering the security implications.
Cybermindz founder Peter Coroneos explained that cybersecurity professionals can find themselves in a “blame culture” where their successes are often “low visibility.”
This can lead to a constant undercurrent of apprehension.
Mr. Coroneos noted that this can be especially detrimental to younger workers, as the human brain continues to develop well into the 20s.
“If you are recruiting people whose brains are not fully formed and placing them in high-stress roles, you are potentially setting them up for long-term cognitive and emotional wellbeing issues.”
Cybermindz offers a “structured neural training regime” designed to restore a sense of psychological safety.
“Telling someone to simply ‘calm down’ during a panic attack is ineffective. You need to address the underlying neurochemistry,” Mr. Coroneos explained.
Ultimately, Mrs. Ackerman stated, “We need legislation for cyber teams similar to what exists for air traffic controllers, doctors, pilots, and first responders. Cyber defenders are, in reality, first responders.”
In the meantime, it is incumbent upon organizations and individuals to be vigilant for signs of stress before they escalate into more serious problems.
Mr. Tillman stated that he is now more attuned to the warning signs of impending burnout, including changes in sleep patterns, eating habits, reduced exercise, or neglecting personal routines.
“It’s analogous to a cyber breach,” he explained. “You should operate under the assumption that it’s inevitable and actively work to prevent it.”
More than 100 people, including suicide survivors and those bereaved by suicide, take part.
Proposals include a two-storey administrative building and four supported living apartments.
Reporter Joe Tidy was offered money if he would help cyber criminals access BBC systems.
Three ways to handle friends who leave you feeling worse, not better after you’ve met up.
Members of the autism community say in addition to research, people with autism need acceptance and support.
“`