On-call burnout is an alarm configuration problem, not a headcount problem
The instinct when on-call burnout shows up is to hire. Add a fourth person to the rotation, spread the pages thinner. It helps for a month, then the same alarms fire just as often, now against four people instead of three, and burnout creeps back. Burnout isn't caused by too few people on rotation — it's caused by too many pages that didn't need a person at all.
What actually causes on-call burnout?
On-call burnout is the result of a low alert-to-action ratio sustained over time: engineers get paged repeatedly for things that don't require action, and their nervous system learns to treat every page as noise before they've even opened the alert. Adding headcount dilutes the frequency per person but doesn't fix the ratio — the fix is reducing pages that aren't actionable, not spreading them out.
The alert-to-action ratio: the one number that predicts burnout
Alert-to-action ratio = alerts that led to a real fix or genuine investigation, divided by total alerts sent. Below 50%, more than half of every page is noise — engineers learn within weeks that most pages don't matter, and start responding slower to all of them, including the real ones. Above 80%, on-call feels earned: most pages mean something.
| Alert-to-action ratio | What it means | Trajectory |
|---|---|---|
| Under 50% | More than half of pages require no action — pure noise | Trained-ignore behavior sets in within weeks; real incidents get missed or delayed |
| 50–80% | Meaningful noise still present, but on-call trusts most pages | Sustainable short-term, worth auditing before it drifts down |
| Above 80% | Most pages correspond to a real, actionable condition | Healthy — the rotation is the bottleneck to protect, not the alarms |
You don't need a fancy tool to compute this — pull your paging tool's alert history for the last 30 days and tag each one "actioned" or "no action taken" based on whether the on-call engineer did anything beyond acknowledging it. Most teams have never actually done this exercise and are surprised by the number.
The five alarm anti-patterns that cause burnout
- Static thresholds on metrics with daily or weekly seasonality — a CPU alarm tuned for peak traffic fires every night during the low-traffic trough, or every Monday morning during the traffic ramp. The fix is usually a time-bucketed baseline or a metric math expression that accounts for the pattern, not a single flat number.
- Symptom alarms with no downstream action — an alarm exists because it seemed prudent to add, but nobody has ever written a runbook step for what to do when it fires. If the answer to "what do you do when this pages" is "look at it and go back to sleep," it's not an alarm, it's a notification that should be a digest.
- Duplicate alarms across layers for one root cause — an ALB 5xx alarm, an ECS task error alarm, and an application-level error tracker alert all fire for the same underlying deploy bug. One incident becomes three pages. Composite alarms or clear ownership of "which layer pages first" collapses this back to one.
- Alarms with no self-heal check — a metric spikes for 90 seconds and recovers on its own before a human even opens their laptop, but the alarm already paged. Without a check that re-verifies the condition before notifying, every transient blip becomes a page.
- No severity tiers — every alarm uses the same notification channel and urgency regardless of whether it's a hard outage or a soft degradation. When "disk is at 70%" pages exactly the same way as "service is down," on-call stops being able to triage by instinct and starts treating every page as equally low-priority.
How to audit your existing alarm setup
- Pull every alarm's state-transition history for the last 30-90 days (CloudWatch console or DescribeAlarmHistory API).
- For each alarm that fired, tag it: led to a fix, led to genuine investigation with no fix needed, or no action taken.
- Compute the alert-to-action ratio per alarm, not just in aggregate — a handful of chronically noisy alarms usually account for most of the damage.
- For every alarm below a 30% action rate, either raise the threshold, add a self-heal recheck before paging, route it to a digest instead of a page, or delete it outright.
- Re-run the audit 30 days later. A ratio that improves and holds means the fix worked; one that drifts back down means a new noisy alarm has replaced the old one.
What a verification pipeline does instead of a static threshold
The anti-patterns above share a root cause: a threshold crossing gets treated as equivalent to an incident, with nothing in between. A verification pipeline inserts checks between "metric crossed a threshold" and "a human gets paged" — the same principle whether you build it yourself with metric math and Lambda, or use a product that does it for you.
Nuberio Watch's pipeline is one concrete version of this: every anomaly runs through 9 checks before a page goes out — a self-heal recheck (is the metric still anomalous right now, or did it recover in the last few minutes), an AWS Health check (is this a known AWS-side event), a recent-deploy check (did this correlate with a deploy in the last 120 minutes), a service-quota check, a resource state-change check, a security-finding check against GuardDuty and Security Hub, a flapping check (more than 5 anomalies on this metric in 24 hours routes to a daily digest instead of a page), a TLS certificate-expiry check, and an Inspector vulnerability-finding check. Most of these checks either suppress the alert outright or attach context so the page that does arrive is worth opening immediately.
Related reading
Frequently asked questions
Frequently asked questions
What is the alert-to-action ratio?
It's the percentage of alerts that led to a real fix or genuine investigation, out of all alerts sent. Below 50%, most pages are noise and on-call engineers develop trained-ignore behavior. Above 80% is a healthy target — most pages should mean something.
Does adding more people to the on-call rotation fix burnout?
It reduces how often any one person is paged, but it doesn't fix the underlying alert-to-action ratio — the same volume of noisy pages is now spread across more people. Burnout returns once each person is back to a similar page frequency as the team grows or the noisy alarms aren't addressed.
What's the difference between an alarm and a notification?
An alarm should require a human to take an action — investigate, fix, or explicitly decide to accept risk. If the standard response to a page is to acknowledge and go back to sleep with no follow-up, it isn't providing signal that warrants waking someone up — route it to a digest or dashboard instead of a page.
How often should you audit your alarm configuration for noise?
Every 30-90 days, or immediately after a burnout complaint or a noticeable increase in page volume. Alarm noise accumulates gradually as new services and alarms get added without old, now-irrelevant ones being removed — a scheduled audit catches this before it compounds.
Can a self-heal check alone fix most on-call burnout?
It fixes the largest single category — transient spikes that resolve before a human responds — but not all of it. Duplicate alarms across layers, missing severity tiers, and symptom alarms with no runbook still need to be addressed separately. A self-heal check is the highest-leverage single fix, not a complete solution.
Related reading
Still debugging incidents manually?
Nuberio does this automatically — root cause in under 60 seconds, delivered to WhatsApp or Slack.