Burnout in Cybersecurity Incident Responders: Exploring the Factors that Light the Fire

Abstract

As concerns about employee burnout and skilled staff shortages in cybersecurity grow, our study aims to better understand the contributing factors to burnout in this field. Utilizing a mixed-methods approach, we analyze self-reported job and personal characteristics, along with digital activity data from 35 incident responders, identifying several factors such as high workload, time pressure, and lack of support from management. Our findings reveal that over half of the participants experience burnout (N=19), which is linked to increased workload, limited control, poor teamwork, and inadequate recognition. Burned-out responders often work more than 40 hours per week, have poor sleep quality, and engage in more email activities, meetings, and after-hour collaborations. Through our research, we also identify coping strategies individuals use to mitigate these stressors. Based on our findings, we provide practical recommendations to help organizations better support their cybersecurity incident response teams. While our study acknowledges limitations and suggests future research directions, it contributes significantly to understanding the challenges faced by cybersecurity incident responders. Our insights offer a comprehensive understanding of burnout factors in this domain and have broader implications for other high-stress work environments consistent with the interdisciplinary nature of CSCW.