Tackling Burnout in the High-Stakes World of Security
The security industry, often characterized by its stoic guardians and vigilant protectors, now faces a silent but pervasive threat: burnout.
From the cybersecurity professionals in the digital realm to the security guards on the ground, the toll of this relentless profession is palpable. An alarming 50 percent of cybersecurity professionals expect that they will experience burnout within the next 12 months or sooner, according to a June 2024 report. This isn’t just about employee turnover; it’s a fundamental issue that threatens our safety.
According to the World Health Organization (WHO), burnout is classified in the International Classification of Diseases (ICD-11) as an occupational phenomenon, not a medical condition. It arises from chronic workplace stress that has not been successfully managed. The WHO emphasizes that burnout is specifically linked to workplace stress and is not meant to encompass stress related to other life domains. However, its ripple effects can deeply affect all aspects of an individual’s life and the broader organizational ecosystem.
The impact of burnout extends well beyond the individual, particularly when it affects security personnel. Given the high-stress nature of their responsibilities—often involving long hours, constant vigilance, and critical decision-making—the consequences can be significant and far-reaching. Mental and emotional exhaustion among security staff dramatically increases the likelihood of oversight, human errors, and weakened security measures. This heightened vulnerability not only escalates the risk of physical and digital security breaches but also poses serious threats to organizational integrity and public safety.
Addressing burnout in security personnel is not just about addressing the well-being of staff; it is crucial for maintaining the integrity and effectiveness of organizational security frameworks. The stakes are high, and the time for action is now.
The Nature of Burnout
Burnout is more than a state of fatigue; it’s a complex phenomenon characterized by emotional, physical, and mental exhaustion, primarily caused by prolonged and excessive workplace stress. In the context of the security industry, burnout manifests as a chronic response to prolonged stressors, leading to a diminished capacity to manage stress, reduced productivity, and an increased likelihood of errors.
There is often a misunderstanding about how to identify burnout; it is sometimes mistaken for regular stress. However, while stress is a natural response to challenging situations, burnout is the result of unmanaged, chronic stress. Unlike temporary stress, which can motivate individuals, burnout leads to a persistent state of exhaustion and disengagement, making recovery more complex.
Understanding the multifaceted nature of burnout is essential for identifying its root causes and implementing effective strategies for prevention and management. The three dimensions of burnout according to the Maslach Burnout Theory are: emotional exhaustion, or feeling overextended and depleted of emotional resources; depersonalization or developing a detached or cynical attitude toward one’s job and colleagues; and reduced personal accomplishment, such as experiencing a decline in feelings of competence and achievement at work.
Contributing Factors
Several key factors contribute to burnout among security professionals.
High workloads and alert overload. The relentless pressure to defend against an ever-changing threat landscape often leads to long hours and high alertness. Working too many hours is responsible for the deaths of millions of people every year, likely because overwork makes people suffer either weight loss or gain, body pain, exhaustion, high levels of cortisol, sleep loss, and more. Security’s high-stakes environment, where even a small oversight could lead to severe consequences, exacerbates the issue.
Monotony and repetitive tasks. Security work often involves repetitive tasks that can lead to disengagement. Tines’s 2023 Voice of the SOC report highlighted that more than a quarter of security professionals spend more than half their work time on repetitive manual tasks, identifying this as a leading source of burnout.
Repetitive jobs can also take a toll on physical health, often leading to symptoms like tension headaches, muscle tightness, and other stress-induced conditions. Both employers and employees must recognize the mental health challenges associated with repetitive tasks and adopt effective strategies to address and minimize these impacts.
Limited resources. The industry’s struggle with underfunding and understaffing intensifies the workload. According to a 2023 study by the Information Systems Audit and Control Association (ISACA), 60 percent of organizations reported difficulties in retaining skilled cybersecurity professionals, with work-related stress being a primary factor driving resignations. Additionally, ISC2 reported in October 2024 that there is a shortfall of 4.8 million people in the current cybersecurity workforce, putting additional pressure on existing teams.
The cybersecurity industry is grappling with significant financial losses due to the impact of limited resources on mental well-being among professionals, exacerbated by a growing skills shortage.
According to a 2024 study “Building a firewall against cybersecurity burnout“ released by Hack the Box, 74 percent of cybersecurity professionals globally report taking time off due to work-related mental health challenges, with an average of 3.4 sick days per year attributed to such issues. This poor mental health also leads to decreased productivity, with affected professionals losing an average of 3.4 work hours per month—or 5.1 working days per year—to mental health struggles. For medium-to-large enterprises, this loss translates to an estimated $626 million annually in the United States and £130 million in the UK.
74 percent of cybersecurity professionals globally report taking time off due to work-related mental health challenges.
Work-life imbalance. The lack of work-life balance is a significant contributor to burnout among security professionals. The demanding nature of their roles, combined with constant pressure to ensure safety and mitigate risks, often leaves little room for personal time and recovery. This imbalance can have profound implications, not just for the individuals, but also for their teams, organizations, and the broader security landscape. A study by Nominet in 2020 found that 88 percent of CISOs reported being moderately or tremendously stressed, with 48 percent saying work stress had a detrimental impact on their mental health. This study identified several key factors and “lack of work-life balance” with 32 percent at the same level of “insufficient budget and resources” with 32 percent.
In high-stakes professions, maintaining a balance between professional demands and personal well-being is not a luxury, it is a necessity. Organizations that prioritize work-life balance will not only enhance the well-being of their security professionals but also improve overall operational resilience and performance.
Organizational culture. The perception of security as a cost center, combined with a lack of recognition, contributes significantly to burnout. A 2023 study by the UK Security Industry Authority (SIA) found that over a third of security officers reported high levels of stress, often feeling undervalued and misunderstood by the public. The lack of investment in mental health resources and support can exacerbate the issue, the study noted.
Rewards and recognition must always be genuine, not superficial or manipulative. While expressing appreciation for a job well-done is essential, it is equally important to avoid creating competition among employees or recognizing only certain individuals. Recognition programs that highlight one part of a team over another can lead to jealousy or resentment, especially if team members feel overlooked or perceive the recognition as undeserved.
These factors not only affect the individual, but also have organizational repercussions. Burnout leads to increased absenteeism, decreased performance, and higher turnover rate, driving a huge financial impact on companies.
Understanding the nature of burnout in the security industry requires recognizing these contributing factors and the unique pressures faced by those tasked with safeguarding digital and physical assets.
The Impact of Burnout
Burnout in the security industry is not merely a matter of feeling overwhelmed; it has profound effects on the mental, physical, and professional health of security personnel.
The physical toll of burnout is equally concerning. Chronic fatigue, headaches, and other stress-related ailments are common among security professionals. Hack The Box’s report revealed that burnout affects 84 percent of cybersecurity professionals, leading to physical health issues that can necessitate time off work. These health concerns not only affect the individual but also impact job performance. For example, a 2023 CyberArk report indicated that 59 percent of security professionals in the UK have been impacted by burnout, directly affecting their ability to perform their jobs effectively. This can result in increased errors, an oversight of critical vulnerabilities, and a general decline in the quality of work.
The mental and emotional exhaustion associated with burnout can lead to oversight and human error, increasing the risk of security breaches. A peer community survey by Gartner revealed that 62 percent of IT and security leaders have experienced burnout, with many planning to leave their roles due to unique stressors, potentially undermining digital safety.
Burnout can significantly compromise the physical security of an organization, too. When security officers are burnt out, their cognitive function and alertness are impaired. They react more slowly, potentially missing critical signs of threats or breaches, and fail to notice events happening around them, increasing the risk of security incidents going undetected. Additionally, their responses to security situations may be flawed, potentially escalating rather than deescalating threats. Poor logic and impaired judgment can lead to decisions that undermine security protocols. Chronic stress and burnout are also linked to serious health issues, including anxiety, depression, and other stress-related disorders.
When security officers are burned out, their cognitive function and alertness are impaired.
The financial impact of burnout is substantial, encompassing costs related to lost productivity, recruitment, and training of new staff. Organizations may also face increased expenses due to security incidents caused by errors made by overburdened personnel. Beyond financial consequences, persistent burnout contributes to a toxic work environment, resulting in low morale, decreased job satisfaction, and strained team dynamics. Such an environment can deter potential talent from joining the organization and hinder effective collaboration.
Burnout can also lead to ethical crises. CISOs and security professionals, overwhelmed by the responsibility of safeguarding sensitive assets, may resort to unethical actions such as covering up mistakes, falsifying reports, or failing to disclose incidents out of fear or desperation. These actions can have severe legal and ethical ramifications for individuals and their organizations.
Finally, burnout drives experienced and skilled professionals out of the industry, exacerbating an already critical skills shortage in security. High turnover among security personnel further weakens organizational defenses and creates additional challenges in recruiting and training new talent.
Strategies to Combat Burnout
Burnout among security professionals is a critical issue that necessitates comprehensive strategies to ensure both individual well-being and organizational effectiveness. The security industry must address burnout as a critical threat to its effectiveness in safeguarding digital and physical assets. Here are several holistic strategies tailored to support security professionals:
Creating a work culture where security teams feel valued and heard is fundamental. This can be achieved through open communication, where staff can voice their concerns freely. Transparency helps identify issues early, allowing for timely interventions. It is equally important to recognize that open communication must also be respected as a core component of diversity, equity, and inclusion (DEI) initiatives. Not everyone will agree with every opinion, and that is not only acceptable but essential for fostering innovation and creating balanced solutions. Organizations need to actively address this by encouraging respectful dialogue and ensuring that diverse perspectives are valued, even when they differ from the majority.
Recognizing and rewarding hard work can also boost morale, reinforcing employees’ value to the organization. Team-building activities or social events can foster a positive team dynamic, helping individuals manage stress more effectively. By combining these efforts with a commitment to open, inclusive communication, organizations can create an environment where all employees feel heard and respected, leading to stronger teams and improved outcomes.
Promoting a balance between work and personal life is essential. Providing flexible schedules, part-time work options, or the ability to work remotely for administrative tasks can help employees better manage their personal responsibilities. Implementing policies that discourage after-hours communication further reduces stress and promotes a healthier work-life dynamic.
Mandating regular breaks and ensuring sufficient time off between shifts can significantly mitigate fatigue and prevent burnout. Promoting the importance of rest is essential for maintaining a healthy and productive workforce. Additionally, rotating duties allow staff to gain varied experiences, reducing monotony and helping to prevent burnout while keeping employees engaged and motivated.
Investing in the growth and development of security personnel keeps them engaged. Ongoing security awareness training, certifications, and career advancement opportunities help staff stay up to date with current challenges, reducing the stress associated with feeling unprepared. Encouraging employees to learn new skills or engage in different aspects of security work can enhance their capabilities and job satisfaction.
Ensuring that security teams have access to useful tools, technologies, and training can significantly reduce stress and improve job satisfaction. Continuous learning opportunities enable professionals to stay updated with evolving threats and enhance their competence.
Effective management strategies are crucial. Managers should be trained to recognize signs of burnout and provide immediate support, offering resources like counseling or stress management training. Programs that include meditation, relaxation exercises, and resilience training have been shown to reduce burnout symptoms.
Cultivating mindfulness can help reduce stress and improve mental clarity, providing essential tools for coping with daily challenges. Temporarily lowering expectations and workload can allow for recovery, preventing further burnout. Encouraging team building and support systems can result in shared workload and emotional support, reducing individual pressure.
Leveraging technology. Technology can play a pivotal role in alleviating the burden of repetitive tasks, particularly in security operations where efficiency and accuracy are paramount. Tools like phishing simulators and automated security systems can streamline processes, reducing the need for manual intervention in routine tasks. Similarly, automated security systems can monitor networks, flag anomalies, and even neutralize low-level threats without human intervention.
By integrating such tools into their workflows, organizations can significantly reduce the manual workload of their security personnel, freeing them to concentrate on higher-priority and more strategic responsibilities. This shift not only enhances overall efficiency but also reduces the cognitive load on employees, minimizing stress and the risk of burnout. Moreover, automation can improve the accuracy of repetitive tasks by reducing human error, further strengthening the organization’s security posture. Embracing technology not only supports the well-being of security professionals but also contributes to a more resilient and effective security infrastructure.
Prioritizing mental health resources. Resources are a vital component of fostering a supportive workplace environment, especially in high-stress fields like security. Offering accessible and confidential counseling services, organizing stress management workshops, and implementing mental health days not only demonstrate an organization’s commitment to employee well-being but create a culture where mental health is valued and normalized. These initiatives signal to employees that their mental health is as important as their performance, encouraging them to seek support without fear of stigma.
Regularly promote these resources through internal communications, such as newsletters, team meetings, or dedicated wellness platforms. This outreach can encourage employees to take advantage of available support. Integrating mental health discussions into workplace dialogue also helps to destigmatize seeking help and fosters a more open, understanding workplace culture.
Ethical Considerations for Leaders
Burnout is not merely a personal issue; it’s a systemic problem that reflects the organization’s culture, its values, and the ethical responsibilities it holds towards its employees.
Leadership plays a pivotal role in shaping the ethical foundation of the workplace. Leaders set the tone for organizational culture, and their actions profoundly influence how employees cope with stress and navigate high-pressure situations. A proactive leader encourages open-minded communication, cultivating a safe environment where employees feel comfortable discussing their challenges and seeking support without fear of judgment or repercussions.
In the security field, leaders who support employees and treat them with personalized care can significantly enhance the climate of psychological safety. This empathetic approach fosters an environment where employees feel free to voice their concerns and share challenges without fear of retribution or stigma. By prioritizing empathy and understanding, leaders can counteract the risk of organizational dehumanization—where employees feel reduced to mere cogs in a machine—and instead promote a culture that values individuals, fostering a genuine sense of belonging and purpose.
Leaders who support employees and treat them with personalized care can significantly enhance the climate of psychological safety.
Ethical management requires leaders to take a proactive stance in recognizing the signs of burnout and intervening when necessary. It’s not enough to provide resources; leaders must lead by example, demonstrating a commitment to work-life balance and stress management. When employees see their leaders taking time off, setting clear boundaries, and engaging in hobbies outside work, it sends a powerful message that well-being is valued and prioritized.
Moreover, the duty of care extends beyond individual well-being. Leaders must promote a collaborative security mindset within the organization. This shift recognizes that security is a collective responsibility, not solely resting on the shoulders of dedicated security teams. By equipping all employees with the knowledge to identify threats, understand security protocols, and know whom to contact in case of an issue, organizations can build a human firewall. This not only reduces the pressure on security personnel but also enhances the organization’s overall security posture.
Investing in employee growth is another ethical responsibility for leaders. Professional development, certifications, and skill diversification keep security professionals engaged and motivated. When employees feel valued and supported in their career progression, they are less likely to suffer from burnout, as their work becomes more fulfilling and less monotonous.
Ethical leadership in the security industry also means recognizing and rewarding employee efforts. Regularly acknowledging contributions, celebrating successes, and fostering a culture of recognition can boost morale and job satisfaction. This approach not only mitigates the risk of burnout but also promotes a positive work environment.
Finally, leadership is about empowering employees to thrive. This includes providing access to professional development opportunities and resilience training to equip teams with the tools to handle stress effectively. By continuously assessing organizational practices and adapting to employees’ needs, leaders can create a supportive environment that prioritizes well-being. Such a culture not only prevents burnout but also enhances productivity, engagement, and the long-term success of the organization, while achieving a real work-life balance.
To combat burnout effectively, organizations must take a proactive and holistic approach. Addressing burnout isn’t just about retaining talent or improving productivity; it’s about upholding ethical standards that respect and support the guardians of our digital and physical world. By prioritizing well-being, organizations can ensure their security teams perform at their best to protect against threats.
After 30 years in the security industry, in both the public and private sectors, Eric Davoine, CPP, is now head of physical security and safety for an international insurance company. Over the course of his career, he has managed a large number of people and teams and has often had to deal with mental health problems. Today, he is deeply committed to protecting this sometimes-invisible aspect of human suffering.
Gigi Agassini, CPP, is an independent security consultant and advisor. With more than 17 years of experience in physical security, cybersecurity, and risk management, she specializes in strategic planning and operations expansion across Latin America and international markets. A CPP and ISO 27002:2022-certified professional, Agassini leads a consultancy focused on holistic security strategies. As a trainer and speaker, she shares expertise in artificial intelligence (AI), cybersecurity, and data protection, contributing regularly to industry publications.