Your cybersecurity staff are exhausted – and many have considered quitting


A man looking tired and stressed sitting in front of his computer.

Image: Getty/PeopleImages

Cybersecurity personnel are feeling exhausted and stressed to the point that many are considering quitting their jobs.

According to VMware research, 47% of cybersecurity incident responders report experiencing burnout or extreme stress in the past 12 months.

Although this figure is down slightly from 51% the previous year, it is not surprising that the percentage of people who say that the stress of working in cybersecurity has made them think about leaving their job has slightly increased.

Of this group, 69% say stress and burnout led them to consider their role, up from 65% in 2021.

Cybersecurity can be stressful work; not only do staff need to stay on top of the threats posed by cybercriminals, ransomware gangs, and even state-sponsored hacking campaigns, but they also need to ensure their users are equipped with the right tools needed to stay safe – often while working with a shoestring cybersecurity budget and an extended team that doesn’t always understand what it’s doing.

On top of that, there’s also the challenge of dealing with security vulnerabilities, especially when significant new zero-day exploits emerge and are used by hackers – according to the survey, 62% of respondents have encountered an exploit zero-day in the last 12 months, compared to 51% the previous year.

Meanwhile, two-thirds said the number of cyberattacks had increased since Russia invaded Ukraine – something cybersecurity agencies warned was a possibility when the war started.

SEE: A winning strategy for cybersecurity (ZDNET special report)

And all of this is happening as many cybersecurity teams still grapple with the transition to hybrid working, which, while beneficial for many, also brings additional cybersecurity challenges that criminals will attempt to exploit.

If these pressures take cybersecurity employees away from their jobs, it could have negative repercussions for everyone, because fewer cybersecurity personnel means it could be easier for cybercriminals to break into networks – and stay there undetected.

To help combat burnout, many companies are implementing strategies designed to help cybersecurity personnel manage their work-life balance. According to 72% of respondents, the most useful of these is flexible working hours, while investing in ongoing training and access to therapy and coaching are also listed as useful.

“Generally speaking, companies are taking the right steps when it comes to reducing burnout among cybersecurity professionals,” said Rick McElroy, senior cybersecurity strategist at VMware.

“But solving this problem is not a simple, one-time solution. Now is the time to really redouble our wellness efforts, such as flexible hours, more education, coaching and therapy,” he added.


Leave a Reply