In the world of cybersecurity, headlines often focus on the technology – ransomware, zero-day exploits, or cutting-edge defense solutions. But behind every cyberattack is a team of people working long, grueling hours under intense pressure. The human side of cybersecurity is an often-overlooked facet of organizational resilience, and its importance is growing with every attack.
Recently, I spoke with a customer who had just endured a major cyber event. Their organization was hit with a cyberattack that shutdown the datacenter, forcing the IT and security teams into emergency response mode. One security analyst in particular worked for 36 hours straight, running on coffee and adrenaline. Initially praised for his dedication, it became clear that fatigue was starting to undermine his effectiveness.
This type of fatigue can impact people’s decision making causing them to make errors in judgment, misconfigure tools, and miss important signals. The cost of this overexertion isn’t just emotional – it can be a real risk factor in the recovery effort itself.
This story underscores a central challenge: cyber defenders are human. They have limits, and when those limits are exceeded, even the best tools or protocols can fail. Mental fatigue, stress, and burnout are now critical factors in cybersecurity posture. Companies that don’t plan for the human impact of prolonged response efforts risk compounding the damage of the initial attack. According to recent estimates, there are 4.8 million more cybersecurity professionals needed globally to secure organizations properly, according to the 2024 ISC2 Cybersecurity Workforce Study. The demand for talent far exceeds the supply, particularly for individuals experienced in handling real-world incidents. As a result, organizations are stretching their existing teams thin - often expecting them to do more with less.
The gap in cybersecurity expertise means that that employees who successfully handle incident responses become extremely valuable. Practitioners who have “been through the fire” and have defended an organization during a breach gain significant practical experience, turning them into highly sought-after professionals. Companies quickly recognize their expertise, often leading to aggressive recruitment efforts from other organizations eager to advance their own security maturity by leveraging this real-world experience." Ironically, this can lead to talent turnover just when organizations need continuity the most.
This dynamic creates a vicious cycle: organizations underinvest in staffing, a cyberattack happens, overworked defenders manage to contain it, and then those defenders are hired away. The organization is left even more vulnerable for the next event.
These pressures have brought renewed focus to the potential role of artificial intelligence in alleviating the human burden of cybersecurity. AI is not a silver bullet, but it can function as a powerful force multiplier. By automating routine tasks – such as log analysis, anomaly detection, or triage of low-level alerts – AI can free up human analysts to focus on complex decision-making. This helps reduce burnout and improves accuracy under pressure.
More importantly, AI can serve as a real-time support system for defenders during an incident. Machine learning models trained on historical attack data can surface playbooks and recommend actions based on similar past events. AI can also monitor behavioral patterns to flag when a human analyst might be making repeated mistakes – perhaps due to exhaustion – and prompt a shift change or a second set of fresh eyes.
But this human-AI partnership requires trust. Security teams must be confident that the AI is offering reliable insights and not just adding noise. This opens up the need for an AI system that is transparent and understandable to practitioners. It should also be able to work at a pace where practitioners can allow it to take on more tasks over time as they become more comfortable and begin to trust the system. The goal isn't to replace humans, but to support them – to help analysts avoid 36-hour shifts and enable better decision-making when stakes are high.
Addressing the human side of cybersecurity means investing in talent, providing mental health resources, creating realistic staffing models, and designing technology that supports people in meaningful ways. It also means recognizing that the war against cyber threats is not won with technology alone. It is won by people – resilient, trained, and supported people – who show up every day to protect what matters. Ultimately, cybersecurity is as much about people as it is about technology. It’s about the SOC analyst who hasn’t seen their family in two days because they’re trying to stop data exfiltration. It’s about the CISO who can’t sleep at night, knowing their team is understaffed and overworked. And it’s about the urgent need to create environments where defenders can thrive – not just survive.