Combating cybersecurity burnout with smarter technology

David Nuti, Head of Security Strategy, Extreme Networks explains how AI, automation and policy management can prevent cybersecurity team burnout.

Cybersecurity burnout

When large-scale cyberattacks hit the news, all eyes turn to ransomware gangs or state-backed hackers.

What’s less visible, however, is the silent epidemic afflicting the teams trying to stop them.

A recent BBC report highlights a growing crisis: Burnout in the cybersecurity workforce.

Most cybersecurity professionals rarely work nine to five and often feel as though they’re always on call.

Beyond the long hours, they’re also increasingly expected to do more with less.

The recent attacks on major UK retailers reveal another pattern beyond high profile breaches: Round-the-clock demands on security teams are becoming the norm rather than the exception.

In short, it’s a job of constant vigilance and little downtime.

This combination is putting teams under intense pressure and highlights the need for smart technology to lighten workloads and support those on the front lines. 

The burnout-policy connection

When cybersecurity teams are stretched thin, corners get cut. Processes drift. Permissions go unchecked. Exceptions are made ‘just for now.’ Over time, these small lapses build up into something much bigger: Policy creep.

Policy creep happens when users (employees, contractors, even automated agents), accumulate access rights they no longer need.

In high-pressure environments, permissions slide. Revoking them means another ticket, another task, another late night. But each leftover credential is a potential unlocked side door waiting to be found.

With 43% of organisations experiencing a cyberattack in the past year, the cost of small oversights can be staggering.

The global average cost of a data breach now sits at $4.44 million and UK organisations face the same reality: A single incident can quickly escalate into millions once fines, recovery and reputational damage pile up.

A system under strain

A workforce study by ISC2, the membership organisation for cybersecurity professionals, reveals that satisfaction levels across the industry have dropped to 66%, down four points year on year, with burnout named as a major issue.

This dissatisfaction runs across the board. Entry-level analysts face unrelenting volumes of alerts. Mid-tier managers juggle compliance requirements with delivery pressures.

Meanwhile, CISOs must report to boards and regulators while leading teams running on fumes.

All this pressure opens up space for human error. Forgotten permissions, poorly documented handovers, inconsistent policy reviews: These aren’t skill failures but rather symptoms of fatigue.

Building security that protects people too

There’s a lot of talk about building resilient networks. But resilience is also a people problem. Reducing burnout and policy creep requires a mindset shift: One that sees automation, visibility and culture as essential layers of defence.

Here’s what you can do:

• Automate policy hygiene: The longer outdated permissions hang around, the more dangerous they become. AI-assisted access reviews can identify and eliminate redundant credentials before they multiply, saving teams hours of manual auditing and preventing policy sprawl

• Make identity the foundation: When security is built into the network rather than added later, it eases the daily load on already stretched teams. AI-powered platforms that unite network, security and automation in one place reduce complexity, close blind spots and help staff respond faster, before small issues turn into long nights

• Embed continuous verification: Instead of relying on quarterly reviews, continuous verification tools can check exceptions in real time. That means security teams aren’t carrying the mental load of tracking every permission change themselves

• Reduce strain with intelligent automation: Manual tasks such as permission audits, exception tracking and network monitoring, accumulate quickly and drain already stretched teams. By embedding AI into network and security workflows, organisations gain a tireless digital teammate that automates routine checks, detects anomalies, optimises performance and provides clear, actionable recommendations. This lowers human workload, prevents policy creep, accelerates incident response and allows teams to focus on high-value decision-making instead of repetitive tasks that lead to fatigue and burnout

Defeating burnout today and tomorrow

Security professionals thrive on purpose. They know what’s at stake and rise to the challenge. But no team can operate at high alert indefinitely.

Leveraging AI-powered network security, automating policy hygiene, adopting identity-based access and enforcing continuous verification can streamline operations, reduce repetitive tasks and give teams the space to focus on where their expertise matters most.

Preventing burnout is therefore more than a wellbeing issue: It’s a strategic imperative.

By building security into the infrastructure and unifying how it’s managed, organisations can reduce complexity, ease the pressure on teams and strengthen long-term resilience.

The organisations that act now to protect their people and their networks together will be best equipped to defend against tomorrow’s threats and keep their teams engaged, motivated and strong.