Coinciding with European Cybersecurity Awareness Month, a new Sophos study reveals that professional burnout among cybersecurity personnel is more widespread than previously thought.
Periods of burnout are common in any job category, but in some sectors, in addition to being a problem for work and personal well-being, burnout is also a risk with a business 'price'. This is clear from a new study by Sophos, which coincides with European Cybersecurity Awareness Month and analyzes the responses of 5,000 cybersecurity professionals from 17 countries.
Among the conclusions of the Human Cost of Vigilance 2025 study by Sophos, the following stand out:
- 76% of cybersecurity staff suffered burnout last year, and almost one in five consider it a constant obstacle.
- The problem is accelerating: 69% of those surveyed affirm that professional burnout worsened between 2023 and 2024.
- The business impact is evident: 39% admit a loss of productivity, 29% missed work and 22% considered quitting completely.
- These figures translate into a direct impact on the business. According to a recent CUNY report, burnout and disengagement can cost companies between $4,000 and $21,000 per employee per year in lost productivity. For a company of 1,000 people, this amounts to approximately $5 million annually, without taking into account additional costs resulting from cybersecurity failures or staff turnover.
- The Sophos study exhaustively analyzes this burnout problem, based on one of the largest samples consulted to date and covering both the human cost and the financial risks. It also offers some key recommendations to reduce its impact, including the adoption of Managed Detection and Response (MDR) services, which in the case of Sophos offer continuous monitoring and immediate response to attacks, direct access to experts and 24×7 coverage.

“Cybersecurity burnout is more than a workplace problem; it also exposes companies. When defenders are exhausted, mistakes are made, response times slow, and the likelihood of a breach increases,” highlights Tom Gorup, Vice President of Security Operations at Sophos.

“Resiliency, reputation and revenue are at stake, and the answer is not simply adding more technology. It’s about striking a balance through smarter workload management, combined with services like Managed Detection and Response, which ease the burden on internal teams and keep your defenders on their toes,” they explain.