Cyber security specialists are paid to be paranoid. Every day they anticipate sophisticated attacks, patch vulnerabilities, and stay one step ahead of criminals. But a new survey suggests that the paranoia many feel is no longer confined to the digital battlefield. For thousands of IT and cyber professionals across the UK, the threat now comes from their own workplaces.
Research by Kocho, the UK-based cybersecurity and managed services provider, found that 84% of IT and cyber staff fear a serious breach could cost them their jobs. The survey of 501 CIOs, security analysts, and IT staff revealed an industry under intense pressure, where the consequences of incidents can be as daunting as the attacks themselves.
“Cyber incidents are often discussed in terms of financial and operational impact, but the human cost is frequently overlooked,” said Hannah Birch, CEO of Kocho. “The constant fear of a serious incident – and the personal consequences that can follow – creates an environment where anxiety and burnout are never far away, even when incidents are outside an individual’s direct control.”
Almost six-in-ten respondents said their teams suffered from high levels of stress, while 53% admitted they struggled to switch off after work. More than a third (34%) reported constant worry about losing their job because of mistakes made by colleagues. More than 60% had experienced at least one major breach, and one in four had taken time away from work due to burnout or anxiety.
“The fear is rooted in the uncomfortable reality that professionals know careers can end over incidents entirely outside of their control,” Birch said. “The dynamic allows for an environment where hard-working people live with constant anxiety about being held responsible for the actions of sophisticated threat actors, which is unsustainable for the sector.”
Stress is not just a personal burden; it can affect how cyber teams operate. “High stress levels can be devastating,” Birch said. “When teams can’t switch off and are constantly looking over their shoulders, you don’t get the clear-headed thinking that effective cybersecurity demands. We’re talking about real-world consequences if decisions are clouded by anxiety. And this doesn’t even touch on the terrible effects high stress can have on health and home life.”
The survey also pointed to a deeply ingrained culture of blame. More than 10% of respondents reported being demoted, passed over for promotion, or fired, while 14% said they were held culpable internally for breaches. Birch described what this culture looks like in practice. “A blame culture means that when something goes wrong, the focus is on finding someone to hold responsible rather than understanding what happened and how to prevent it recurring. The human cost is we see experienced, talented professionals leave the industry entirely, others suffer in isolation, and organisations lose the institutional knowledge they desperately need.”
She continued: “We must shift from asking ‘who’s at fault?’ to ‘how do we support our teams better?’ The industry has focused on technical solutions for decades, but we have ignored the human element at our peril.”
The survey also suggested that fear affects collaboration and openness within teams. Birch said: “Fear kills the open communication that’s essential for robust security. When professionals worry that admitting a gap or raising a concern could cost them their job, they become defensive rather than collaborative. It’s the exact opposite of the culture needed to keep organisations safe.”
The impact is not just psychological; it can have career-long consequences. Seventeen percent of respondents said that blame or a sense of responsibility made them reconsider a career in cyber protection, while 12% reported a profound sense of isolation. “People are questioning whether the industry is sustainable for them personally,” Birch said. “That’s not just a loss for individuals, it’s a loss for organisations that depend on their expertise.”
This combination of stress, fear, and blame has wider implications for the sector. Birch said: “Organisations need to think about how they support these critically important professionals, and help alleviate the burdens both technically and psychologically. Many are likely to have gone through very bad experiences, leading to absences from work and prolonged underperformance. Without support, severe depression can be one of the consequences.”
The survey also highlighted that the issue is not limited to junior staff. While this research did not segment findings by job level, Birch said: “It’s an important question. Senior leaders are under pressure too, and their stress affects the entire team. Future research needs to explore this across career stages, because tackling it holistically is the only way to ensure the sector remains resilient.”
As cyber threats continue to escalate, the report sends a clear message: technology alone cannot protect organisations. Birch said: “The industry has invested heavily in tools, monitoring, and systems, but if we neglect the human element, those investments are undermined. The people protecting the systems are just as critical as the systems themselves. We need to build cultures that recognise their expertise, support their mental health, and reduce the toxic fear that is currently pervasive.”
For those on the front lines of digital defence, the stakes are higher than ever. Birch added: “The UK relies on these professionals to keep essential services running and data secure. If fear, stress, and blame continue to dominate, we risk not just individual careers but the stability of the systems society depends on. Supporting people isn’t a soft option – it’s critical security strategy.”
The survey paints a sobering picture of an industry at breaking point, where the human cost of cyber security is too often hidden behind headlines about breaches and technical failures. As Birch concluded: “Cybersecurity isn’t just about code, firewalls, or monitoring. It’s about people. We need to stop punishing those who take responsibility and start investing in their wellbeing, because without them, nothing else works.”
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.
