When Tony was signed off for burnout from his cybersecurity awareness role at a major UK ecommerce company last year, it had been a long time coming.
“Many of us in cyber, we put our hearts into our job. There’s a lot of passion involved.”
He had found it progressively harder to sleep, and to go into the office.
Tony, who did not want his real name used, recalls the Wannacry ransomware attack in 2017. “It was a Friday and something came up on BBC News.”
The security team got on a call that evening and the decision was taken to remove every single device from the network.
“And it was Sunday afternoon that I came offline,” he says.
The firm hadn’t been hit by the bug, he says. “It was all preparatory work.”
Tony said this pattern is currently being repeated across organizations trying to protect themselves against the Scattered Spider attacks that hit retailers and other businesses this year.
And, he says, “I can’t even imagine what the folks at Co-op and M&S have gone through.”
“If you think you might be burning out, you’re already on your way there,” says Andrew Tillman, former head of cyber risk and assurance for the UK’s Health Security Agency.
He says cyber security can, at times, be “the best job in the world”. But when things get bad “it can be a bit of a dangerous place to be”.
Mr Tillman has suffered bouts of “burnout” himself through his four years at the agency.
That stress is revealing itself in data collected by ISC2, the membership organisation for cybersecurity professionals.
Its annual Workforce Study, external showed a 66% favourable job satisfaction rate in 2024, down four percentage points from the previous year.
Burnout is a “major issue” for the sector, ISC2’s chief information security officer Jon France says.
He says professionals in the industry are increasingly being asked “to do more with less” which only increases stress and job dissatisfaction.
“Cyber professionals rarely work nine to five”, he adds, “Even if they do, they remain on call because threat actors don’t adhere to office hours.”
Part of the issue is that hackers have become more aggressive, prepared to target critical national infrastructure, or cripple health organizations with ransomware.
Source: BBC News