Fighting Fatigue: A Whitepaper on Cyber Risk and Wellbeing

Discover how the impact of remote working on wellbeing affects company cybersecurity imperatives.

Much of the evidence below comes from 2020-2022 research on pandemic-era remote work. It still helps explain why hybrid teams face enduring cyber and wellbeing risk.

The Story So Far: Covid-19 and Its Effect on Businesses

In 2020, the arrival of Covid-19 rapidly transformed the business landscape and pushed most commerce and communications online, with lasting effects on how firms operate.

Businesses dramatically accelerated the digitalisation of their supply chain and customer interactions. McKinsey reported that organisations moved 3 to 4 years ahead of their digital transformation projections.

The same study found that 55% of global products and services were partially or fully digitised, with 58% of customer interactions taking place digitally.

During the UK lockdowns in 2020, an estimated 46.6% of employed individuals worked from home in some capacity.

Although remote working was initially treated as temporary, an early Gartner survey found 82% of companies planned to allow employees to work remotely at least one day a week.

The Dangers of a Digital Approach

As businesses establish long-term plans for hybrid and remote work, security outside the office remains a central concern.

According to hybrid work security research, workers faced several IT challenges, including:

• 44% with poor connectivity
• 41% with lack of IT support
• 30% with difficulty navigating technical problems

These issues affected company efficiency, with 54% of employees reporting lost periods of productivity.

Concerns over security measures were also high, with 78% of senior IT personnel believing their organisations lacked sufficient protection and 20% of business leaders naming data breaches as their top cyber concern.

With employees working across different locations, the traditional castle and moat approach is less viable, giving firms less direct control over cybersecurity.

The potential impact from remote working stretches beyond IT. Research on the psychological effects of remote work, fatigue, and digital communication helps explain how employee wellbeing connects to organisational cyber risk.

How Has Remote Working Changed the Average Workday?

With remote working blurring the lines between home and the office, 56% of employees found it harder to switch off after work.

Known as the always-on approach, remote employees spent more time working. The Office for National Statistics found homeworkers averaged 5 hours a week more than office-based employees.

Longer remote hours increased reliance on communications technology, with businesses seeing a 50% increase in overall email use.

Employees spent an average of 28% of their day reading and responding to emails, and 36% of home workers felt they constantly needed to be at their computers to respond quickly.

That pressure extended the average workday by 48.5 minutes, with 92% of homeworkers replying to emails outside office hours.

When remote workers were surveyed, 89% said increased email use was one of the most unpleasant parts of working remotely, and 54% would rather commute than keep managing email and notification overload.

Email was not the only channel under strain. Company use of video chat grew by 54% early in the pandemic, and Microsoft's 2022 Work Trend Index reported that time in weekly virtual meetings had grown 150% compared with pre-pandemic levels.

Despite more meetings, Harvard Business School and NYU research reported via UNSW found shorter meetings but longer overall working days during lockdowns. One-third of workers said video calls were among the most unpleasant parts of their day, and 44% wanted more meeting-free days.

The Impact of Working from Home on Employee Wellbeing

Although remote working brought benefits, extended hours and heavier digital communication affected employee wellbeing. An estimated 44.4% of remote employees experienced a decline in mental health since the start of the pandemic.

Those working from home were 30% more likely to report a decline in mental health than office-based employees, with fatigue and stress common.

High fatigue became common for homeworkers, with 37% of employees reporting disturbed sleep and 52% feeling they were not getting enough rest.

According to SHRM research on Covid-19 and workplace mental health, employees reported:

• 35% feeling tired or having little energy.
• 41% feeling burned out from their work.
• 45% feeling emotionally drained from their work.
• 44% feeling used up at the end of a workday.

That lack of energy was felt most strongly during email and video calls.

London South Bank University found staff energy levels depleted faster when working from home with extensive online communication. Email fatigue was predicted to be a main reason one-third of office workers would eventually leave their jobs.

In the UK, 800,000 people experienced work-related stress, anxiety, or depression in 2020-21, with an estimated 17.9 million working days lost each year to mental health-related absences.

Among staff working from home, 41% considered themselves highly stressed, compared with 25% of on-site employees.

Email was a significant contributor. A study involving monitoring of employee heart rate during computer use found that more time on email in an hour correlated with higher stress in that hour.

Frequent after-hours email also increased anxiety through anticipatory stress, keeping people alert when they should be off the clock.

How Does Low Employee Wellbeing Affect Company Cybersecurity?

Low wellbeing can widen the gap between how secure a firm thinks it is and how staff behave day to day. Mistakes often contribute to cyber risk within an organisation, commonly grouped as human error.

Tessian research reported via IFA Magazine found 43% of employees had made mistakes with cybersecurity repercussions for themselves or their company.

Wellbeing belongs in any cybersecurity strategy. UK ICO incident reporting has repeatedly placed misdirected email and other people-led errors among the most common breach categories.

When mental health and workload affect concentration, Tessian's Psychology of Human Error research reported that:

• 52% of employees make more mistakes when stressed.
• 43% make more mistakes when tired.
• 41% make more mistakes when distracted.

"When teams are tired and living in always-on email, security policy can feel like extra friction. Wellbeing and practical controls need to work together so the safer route is the easier one."

Paul Holland, Founder and CEO, Beyond Encryption (Mailock)

Fatigue then shows up in everyday security habits, especially around passwords and email.

Fatigue and Cybersecurity

Burned-out employees are:

• 3x as likely to feel that security rules and policies are not worth the effort.

When sending company emails:

• 58% of employees have sent an email to the wrong person.
• 44% of those workers cited fatigue as the main contributing factor, according to the same Tessian research.

Stress can affect short and long-term memory. For cybersecurity, tired or overloaded people may be more likely to forget:

• Cybersecurity or compliance training they have completed.
• To check inbound messages for fraudulent links or files.
• To check outbound messages that include sensitive data are going to the right recipient.

"Staff wellbeing is a fundamental part of maintaining a secure digital perimeter."

Sam Kendall, Digital Marketing, Beyond Encryption (Mailock)

Those human factors translate into financial, regulatory, and operational consequences when wellbeing is ignored.

Why Should You Care?

Neglecting employee wellbeing can increase cyber risk. For organisations that overlook it, the consequences can include:

Cost: A 2011 Cabinet Office estimate put the annual cost of cybercrime to the UK at £27 billion. Later government and industry reporting suggests the figure is higher, but the scale of harm remains material.

Compliance: Failing to meet compliance measures can result in fines from regulators. UK GDPR breaches can carry a maximum fine of £17.5 million or 4% of annual global turnover.

Customer loss: A breach of client data can damage reputation, with 20% of companies in Tessian's research losing customers after an email was sent to the wrong person.

Company downtime: After a cyberattack, organisations often face long interruption. The average ransomware-related downtime period was around 22 days in global data cited for 2021.

How to Tackle Poor Employee Wellbeing: Company Culture

Addressing work-related mental health needs stronger culture as well as technology.

Support for work-related mental health often falls short. In a 2021 survey, less than one-sixth of employees felt their mental health was well supported, and 51% felt pressure to hide concerns at work.

68% of workers said they would rather talk to a robot than their manager about stress or anxiety.

78% of surveyed employees wanted their company to do more to listen to their needs.

Remote work removes transition time between work and home, which makes it harder to switch off and adds to fatigue.

In a 2021 SME homeworking survey, remote workers said employers could help prevent burnout by:

• Keeping work expectations within working hours - 59%
• Encouraging fitness and wellness programmes - 59%
• Organising regular fun breaks with colleagues - 46%
• Reducing large workloads - 41%
• Encouraging annual leave - 26%

Culture changes need matching support from training and security tooling.

How to Tackle Poor Employee Wellbeing: Technology

42% of UK working adults feared making a mistake that could affect their company's cybersecurity, with remote workers (63%) feeling more at risk than on-site staff (51%).

Cybersecurity training is one response, but many businesses underinvest in it.

Early in the pandemic, two-thirds of remote workers had not received cyber training in 2020, and only 11% of businesses regularly provided security courses to non-cyber employees.

More recent surveys suggest more remote staff (59%) receive cyber training, but 61% still failed basic knowledge tests in one 2023 TalentLMS survey.

Firms need better training quality and more practical reinforcement, so people retain what they need when they are under pressure.

Security software also matters. For mis-sent email specifically, controls such as recipient authentication, encryption, and message tracking can reduce harm when someone is rushing or distracted.

Technology can support employees rather than add friction. 45% of remote employees who did not follow security policies said they would be more likely to comply if technology made secure behaviour easier.

In 2020, 37% of companies increased data security spending. Hybrid work security research found firms investing in one-time password technology (51%), biometric authentication (40%), and mobile identity verification (36%).

FAQs

How Can Cyber Risk Affect Employee Wellbeing?

Constant alerts, remote working pressures, and unclear processes can create fatigue, which makes mistakes more likely.

Why Does Wellbeing Matter to Cybersecurity?

Tired or unsupported employees are more likely to miss warning signs, rely on shortcuts, or mishandle sensitive information.

What Can Organisations Do to Reduce Fatigue-Related Risk?

Improve culture, simplify tools, train people clearly, and use technology that reduces manual pressure rather than adding more steps.

References

Before You Hit Send, IFA Magazine, 2020

How Covid-19 Has Pushed Companies Over the Technology Tipping Point, McKinsey, 2020

Coronavirus and Homeworking in the UK, Office for National Statistics, 2020

Characteristics of Homeworkers, Great Britain, Office for National Statistics, 2023

Gartner Survey on Remote Work Trends, Gartner, 2020

Hybrid Work Security Concerns, HelpNetSecurity, 2021

10 Steps GCs Can Take to Minimise Data Security Risks, LexisNexis, 2021

Navigating the Hybrid Work Environment, Verizon, 2021

Mental and Physical Health Impacts of Home Working, RSPH, 2020

Email Overload and Mental Health, WebsitePlanet, 2023

Remote Work and Mental Health Strain, Nuffield Health, 2021

Email Fatigue and Notifications, ZDNet, 2023

Covid-19 Use and Adoption of Communication Channels, Statista, 2021

Work Trend Index: Hybrid Work, Microsoft, 2022

Vital Signs: Shorter Meetings but Longer Days, UNSW, 2020

Millions Exhausted and Lost Focus During Pandemic, Mirror, 2021

Impact of Covid-19 on Staff Energy, London South Bank University, 2021

Health and Safety Statistics 2020/21, HSE, 2021

Working Days Lost to Stress, HSE, 2021

Stress of Working From Home, Verywell Mind, 2021

Email Is Making Us Miserable, The New Yorker, 2016

Anticipatory Stress from After-Hours Email, Colorado State University, 2019

Data Security Incident Trends, Information Commissioner's Office, 2025

The Cost of Cyber Crime, UK Cabinet Office, 2011

DPA and GDPR Penalties, IT Governance, 2024

Ransomware Downtime Statistics, Statista, 2022

Covid-19 and Mental Health in the Workplace, SHRM, 2020

Mental Health Pressure at Work, The Guardian, 2021

Workers Trust Robots More Than Their Managers, HR Magazine, 2021

UK Workers Believe AI Offers Better Career Support Than People, HR Magazine, 2021

Working From Home Survey, Wildgoose, 2021

State of Secure Access, 1Password, 2021

Study: Fear of Mistakes, Startups Magazine, 2022

Cybersecurity Failure Rates, HR Executive, 2023

What Good AI Cyber Security Looks Like Today, IT Pro, 2020

Cybersecurity Statistics Survey, TalentLMS, 2023

Cybersecurity Skills Report, UK Government, 2020

Reviewed by

Sam Kendall, 30.05.26

This content is for general information only and is not legal advice.