This article follows new Kocho research revealing the significant human strain within the cyber industry, with 84% of senior professionals fearing a serious breach could cost them their job, and over half reporting consistently high stress levels within their teams. Many also struggle to switch off outside working hours, highlighting the intensity of ‘always-on’ security roles.
While cyber incidents are often measured in financial and operational terms, the findings underline a less visible reality: the personal toll on the people responsible for defending critical infrastructure.
Insights from the exclusive discussion with Anna Webb bring this into focus, highlighting the lived experience behind the statistics, including the pressure, responsibility, and psychological burden carried by cybersecurity professionals in an environment shaped by constant threat and escalating complexity.
When cybersecurity becomes personal
One of the clearest themes to emerge from Webb’s experience is that the pressure within cybersecurity is not simply operational; it is deeply personal. While infrastructure teams are often judged on uptime and recovery, she draws a distinction in how cyber teams are evaluated and perceived when things go wrong.
As Webb explains, infrastructure teams operate under significant pressure when systems fail or bugs occur, as they are expected to restore services quickly and get everything back up and running. However, in cybersecurity, the stakes shift from system recovery to public exposure and reputational fallout. Anna highlights that the defining fear is often visibility rather than downtime, pointing to high-profile incidents such as recent retail breaches.
That visibility, she argues, creates a level of pressure that extends far beyond organisational impact. While financial consequences are widely understood, the personal and professional ramifications for individuals are often overlooked. “Nobody thinks about what that means reputationally for you as an analyst, as an engineer, as somebody actually running the department,” she notes.
Perhaps most striking is her reflection on how a single incident can shape an entire career trajectory. “It’s about that one day in time that can change your whole career,” Anna explains, describing how even junior analysts may find themselves defined by a moment of failure in future job opportunities.
This contributes to a culture where highly skilled professionals carry sustained pressure without visibility or acknowledgement. As she puts it, “I’ve spent a lot of my career watching incredibly capable people carry an immeasurable and impossible pressure in complete silence, because they know they’ve got to do this job day in, day out.”
It is this silent burden, rather than the technical challenge alone, that defines much of the human reality of cybersecurity work.
Hypervigilance vs detachment
If the threat of a breach is ever-present, the way cyber professionals respond to that pressure can be just as defining as the incident itself. For the channel, where MSPs and security teams operate in ‘always-on’ environments, this tension is particularly evident.
Webb describes a clear split in behaviours, particularly among those who feel a constant sense of responsibility. As she explains, some professionals become almost hypervigilant, rarely switching off and remaining in a constant state of ‘what if’ thinking about potential threats. In practice, that means checking notifications late at night, logging in ‘just to have a look’, and never fully stepping away from the job. Even when there are solid processes and escalation paths in place, the instinct is still to keep one eye on things. This means switching off properly rarely happens, and without that downtime, there’s no real chance to recharge.
At the other end of the spectrum, the same pressure can lead to emotional detachment. Webb highlights that some people take a very firm boundary approach, fully switching off once their shift ends and viewing anything outside of it as no longer within their responsibility. In the channel, this presents a different kind of risk. While clear boundaries are essential, disengagement can undermine accountability and team cohesion, particularly in smaller or stretched security teams.
For MSPs and security providers, this tension highlights a deeper challenge. It is not just about having the right tools or processes in place, but about building an environment where individuals can maintain balance without compromising performance.
Encouraging openness in high-pressure environments
When it comes to whether these pressures are openly discussed, Webb points to a clear split in the industry. While some still hold back until things reach a breaking point, she notes that attitudes are shifting, with more professionals now willing to speak up earlier and say when they need time out.
She also reflects on how this is changing culturally, particularly in a space that has traditionally been male-dominated, where speaking about stress or mental health can still feel uncomfortable for some. But that perception is gradually shifting, with more openness emerging across teams.
For Kocho, Webb suggests this is something the organisation has actively tried to support. She highlights the importance of structured wellbeing support, from policies around mental health and annual leave to regular webinars and open internal conversations. In an industry where pressure is constant, that kind of environment can be the difference between silent strain and sustainable careers.
Blame culture and job security
In cybersecurity, pressure doesn’t just come from the threat of attack itself, but from what happens afterwards. The sense that a single incident can define a career sits heavily in the background, shaping how people behave long before anything actually goes wrong.
Webb is clear that this concern is not unfounded: “your career is judged on your worst day, so if something happens that’s quite significant, there is that sort of worry.” In practice, that means professionals are not only managing systems and incidents, but also the potential career consequences of those incidents, which can include anything from reputational damage to demotion or job loss in more senior roles.
That pressure is felt differently across the industry and often comes down to internal scrutiny after an incident, particularly when teams are responsible for preventing exactly what has gone wrong. In the aftermath, there is a tendency for organisations to look at what you have done, rather than stepping back to assess tooling, processes, and broader systemic factors.
At the same time, this can create a tension between hypervigilance and fear of failure. When people are constantly alert to potential issues, there is still no guarantee of catching everything, especially in an environment where threats evolve quickly and AI is accelerating change. Yet if something is missed, even unintentionally, the personal stakes can feel disproportionately high.
This environment can ultimately push people towards silence rather than action. If raising a concern risks being associated with an incident, some may choose not to speak up at all. That hesitation has wider implications in the channel, where early visibility and fast escalation are critical to stopping issues from getting worse.
The result is a culture where pressure and accountability can blur together. Effective security is not just about individuals or mistakes, but about people, process, and technology working in balance. When blame overshadows that balance, it becomes harder to build resilience across teams or to maintain confidence in the face of constant threat.
Building a healthier cyber culture
One of the clearest themes running through Webb’s perspective is that pressure in cybersecurity is not just technical; it is cultural. Webb explains: “who you work with and who you work for makes a big impact.” That framing matters, particularly for MSPs, where analysts and engineers are often operating across multiple clients and incident environments at once. In that kind of setup, the organisational tone set by leadership directly shapes whether teams feel supported when incidents happen, or exposed to blame when things go wrong.
Cybersecurity rarely offers clean, predictable outcomes, which is something MSPs are constantly dealing with in real time. It is not an exact science and things are changing constantly. For MSPs, that unpredictability is the operating reality, not the exception. Threats evolve quickly, visibility is fragmented across clients, and even well-run processes can be overtaken by events. Framing performance expectations around certainty, rather than volatility, is where pressure can start to become unfair.
That is why Webb draws a clear line between accountability and blame when incidents occur. There is a clear difference between negligence and the realities of working in cybersecurity today. Teams are operating in an environment where threats evolve rapidly and the pace of change, particularly with the rise of AI and increasingly sophisticated attack methods, makes it difficult to stay consistently ahead. In that context, incidents cannot always be reduced to individual failure. Much of the pressure comes from trying to defend systems that are shifting faster than processes and human response can reasonably adapt to.
Practically, the takeaway for MSPs is less about adding more processes and more about reinforcing the right behaviours around the processes that already exist. That includes building a culture where escalation is supported rather than penalised, where time off is genuinely respected rather than quietly discouraged, and where post-incident reviews focus on system improvements rather than individual fault. Webb’s wider message is that resilience in cybersecurity does not come from constant vigilance alone, but from environments where people can switch off, reset, and return with clarity rather than exhaustion.