The Human Impact of Ransomware: IT Professionals Are Being Pushed to the Limit
ASThe threat of ransomware continues to rise, with 66% of businesses having experienced at least one ransomware attack in the last two years.
While discussion around the impact of these attacks is most often centered on how it affects business, new research from Object First shows that the human impact is just as significant. 84% of IT pros surveyed stated they feel uncomfortably stressed at work due to IT security risks, while 78% fear they’ll be personally blamed for security incidents.
These figures are striking—but it’s just as important that we see the individuals behind these statistics.
That’s why, in this blog, we’ll delve into the research in more detail, as well as some comments from individual IT professionals on the online Spiceworks community to see how they’re coping with IT burnout.
IT Workers Feel Extreme Responsibility
One of the first questions that comes to mind reading the headline stats above is: where does all this stress come from?
One data point points to a possible answer: 55% of those surveyed identified heavy workloads and understaffed teams as the leading sources of stress in their roles—followed by concerns about cyberattacks and the pressure to maintain uptime and service availability.
While the potential financial and reputational impacts of a ransomware attack on a business are huge, the survival and recovery of an organization is an extreme burden to place on teams that may often only consist of a handful of people. In a recent community poll about concerns over ransomware, Spiceworks user Guvna made it clear they’re feeling the pressure:
“The IT security stops with me, and despite doing everything I can to mitigate such risks, ultimately, it only takes the bad actors to find ONE way in, and they’re in. Ransomware, exfiltration, pain, problems. And who does the immediate finger get pointed at? Even with air-gapped backups, someone has to take the blame for something.”
Leadership and IT on Different Pages
While it’s not necessarily a question of blame, both our research and outreach do point to IT workers feeling significant pressure from senior management. 47% of those surveyed report feeling pressure from leadership to “fix everything” in the aftermath of a security incident.
It’s not just during post-attack recovery that IT professionals feel the pinch, however. There’s a real sense among those we spoke to that upper management is not always aware of the significance of ransomware—or not convinced of the value of ransomware protection—until something goes wrong.
This leaves many IT professionals not only feeling unheard but also makes them feel they’re taking on the struggle alone. In that same survey, according to Spiceworks user MerlinYoda:
“Only after things actually go south do upper management truly see how great the issues that they were warned about actually were. Until it’s figuratively at their front door, the probability of the risk is judged as being not that great—so any costs associated with mitigating that risk are then weighed accordingly.”
Excess System Complexity Creates Additional Burden
Beyond the work environment, the data shows that the actual tools IT professionals use may also contribute to IT burnout.
74% said their data recovery tools are too complex to be used without security expertise, and 67% believe faster, higher-performing backup solutions that minimize downtime would significantly boost productivity and confidence in responding to cyberattacks.
In some cases, technology is not only complex but also outdated. However, getting the right leverage to increase spend on new technologies is often difficult, especially without a tangible threat, as Spiceworks user Nonya notes:
“Experiencing [an attack] […] is the only real way to get any spending on security... This can be applied to hardware failure, too… you can warn execs a million times that our infra is outdated and on its last legs, but until it finally implodes, you’ll never get leverage…”
Wellbeing and Mental Health Underprioritized
It’s clear that all the elements above combined are taking a significant emotional toll on the IT workforce, with one in five (18%) feeling “hopeless and overwhelmed” during and after a security incident. But there’s evidence that mental health and wellbeing are underprioritized in “normal” times, too.
50% of those we surveyed feel their companies don’t consistently prioritize employee wellbeing and mental health—and even those who have never been through an attack are concerned about the impact on their health, themselves, and those around them. According to Spiceworks user Iwan.W.Kanten:
“Even though I’ve never experienced an active attack myself, I’m still concerned. I’ve seen the aftermath. The enhanced security, the stress, the low-key PTSD in the IT department… it’s real.”
IT Burnout Threatens Business Resilience
This brings us to a final striking stat in our research: 59% of those surveyed have considered or actively begun looking for new jobs due to work stress. Spiceworks user Guvna doesn’t sugarcoat it:
“This [ransomware stress] is the number 1 reason why I’m giving it serious consideration to just giving up on IT altogether and going into another trade […] The anxiety is getting worse and worse. Perhaps it’s time to let someone else take over the reins and go paint fences for a living.”
It’s a sentiment that poses real threats for the wider IT industry—and the timing couldn’t be worse. David Bennett, CEO, Object First, notes:
"The mounting stress on IT and cybersecurity professionals isn’t just an HR issue; it’s a business resilience challenge. Our research shows that the pressure to be the last line of cyber defense is taking a serious toll on these professionals’ mental health and job performance. As cyber threats continue to escalate in frequency and sophistication, the risk of compromised productivity and loss of top talent to burnout could leave organizations more vulnerable than ever.”
We can’t possibly continue the fight against ransomware without the invaluable skills, knowledge, and dedication of IT workers. So, what needs to be done?
Small Steps to Combat IT Burnout
We can’t stop ransomware overnight—nor can we immediately address all the causes of IT burnout that many industry professionals are facing.
We can, however, give IT professionals the tools they need to help manage workplace pressure and stress.
Object First has collaborated with Cybermindz, a San Francisco–based nonprofit focused on mental resilience for the IT and cybersecurity community, to release a short video exploring stress and burnout in IT, practical recovery steps, and the role of leadership in mental health.
Alongside the video, they offer resources such as tools to identify IT burnout, how to manage workplace pressure and measure stress, as well as complimentary access to the Cybermindz iRest® Protocol—a simple, research-backed 10-step practice that can be completed in 10–20 minutes to help reduce stress, restore focus, and improve sleep.
For immediate support, additional resources are available:
- Suicide & Crisis Lifeline: If you are in the United States, dial 988. Outside the U.S.: Visit www.findahelpline.com for country-specific hotlines.
- National Alliance on Mental Health (NAMI): Call 1-800-950-6264 or text NAMI to 62640.
About the Survey
Object First commissioned Dynata to conduct a survey of those who work in IT or Security roles in the United States to understand how they’re dealing with the increasingly severe cyberattack landscape, and the resulting mental health and emotional strain of IT and security professionals in 2025. The survey polled 500 IT and security workers—at entry to executive levels—at companies of all sizes.
About Object First
Object First believes no one should ever have to pay a ransom to recover their data. Our backup storage appliance, Ootbi (Out-of-the-Box Immutability), is purpose-built for Veeam users and ransomware-proofs data for organizations of any size. Secure, simple, and powerful, Ootbi is the best storage for Veeam. To learn more, visit www.objectfirst.com, follow our blog, and connect with on LinkedIn and Instagram. Subscribe to the Object First Zero Gravity podcast here.
