European cybersecurity professionals face burnout due to high pressure and staff shortages
Burnout among security professionals in Europe is reaching concerning levels, with 68% of workers experiencing burnout to varying degrees. Of this number, 32% reported high burnout, while 36% indicated moderate levels. The UK has been hit particularly hard, with 40% of professionals facing elevated stress.
This burnout has not gone unnoticed by cybercriminals, as 80% of respondents identified IT/Security departments as the primary targets within their organisations – well ahead of Finance (32%) and Sales (20%).
These insights are drawn from SoSafe’s 2024 Human Risk Review, which analysed the cyber threat landscape and corporate security culture. The report compiled feedback from over 1,250 security leaders in Western Europe and utilised 3.2 million data points from SoSafe's awareness and human risk management platform.
The Growing Drivers of Burnout in Cybersecurity
The demanding nature of cybersecurity is contributing to rising burnout rates. According to the report, 33% of respondents cited high-pressure environments as a primary factor, while 29% pointed to long hours and overtime. Excessive workloads affected 28%, and 25% felt trapped in constant firefighting mode.
These challenges are further compounded by escalating cyber risks. Emerging technologies, such as generative AI, were a concern for 84% of respondents, while 77% highlighted geopolitical instability as a major driver of increased cyber threats. Supply chain security also emerged as a growing issue, with 85% of professionals expressing concern.
Inadequate staffing adds further strain, with 24% of respondents pointing to understaffed teams as a significant stress factor. This issue is part of a broader talent shortage across the industry. According to ISC2’s 2023 Workforce Study, the EU alone has approximately 274,000 unfilled cybersecurity positions, while globally, 3.9 million roles remain vacant. To address this gap, 29% more workers would be needed worldwide.
Andrew Rose, Chief Security Officer at SoSafe, himself was affected by burnout several years ago and still remembers a very stressful time: "Burnout crept up on me slowly, fueled by the constant pressure to do more, cut costs, and never fail. I thought this stress was just part of the job as a leader until I started experiencing cognitive, emotional, and physical symptoms from the overload. When I finally spoke up, the response from my manager was disappointing, and without support, I made the difficult decision to resign. Not everyone has that option, and that’s why it’s crucial to recognise the signs early, speak up, and seek support. As leaders, teammates and partners, it's essential we foster environments where stress is addressed proactively, not ignored."
Addressing burnout with human-first security practices
Burnout doesn’t just take a heavy toll on the mental and physical health of individuals; it also poses a significant risk to organisations: Increased stress and burnout often lead to mistakes and overlooked security alerts, with 83% of IT security professionals acknowledging that burnout has caused errors in their department, resulting in security breaches.
"Given the challenges that security teams are facing, it's crucial to adopt solutions that not only automate their tasks efficiently but also ensure sustainable risk reduction," said Dr Niklas Hellemann, psychologist and CEO of SoSafe. "To achieve this, companies must actively involve their employees, who are the most versatile part of their security strategies. The focus should be on changing behaviors rather than merely transmitting knowledge, as this is key to creating a resilient cybersecurity culture."
Organisations are increasingly recognising the importance of these measures, with 89% of security leaders emphasising the need to build a strong security culture. Nearly every organisation (99%) report that senior executives and board members are actively involved in cybersecurity governance and decision-making. Moreover, 3 out of 5 organisations have increased their cybersecurity budgets in the last two years. However, the alarming burnout data highlights that while progress is being made – in terms of the Exec support and budget that CISOs have sought for years – there is still a long way to go to fully address the pressures and challenges faced by security professionals.
For more startup news, check out the other articles on the website, and subscribe to the magazine for free. Listen to The Cereal Entrepreneur podcast for more interviews with entrepreneurs and big-hitters in the startup ecosystem.