author photo
By Cam Sivesind
Read more about the author
Tue | Jan 6, 2026 | 5:33 AM PST

Cybersecurity professionals are experts at measuring metrics—mean time to detect (MTTD), packet loss, uptime percentages, the list goes on. But there is one metric that has been trending in the wrong direction for years, and it's the most dangerous one of all: the mental health of the people behind the keyboards.

A recent study by Object First has shed light on a staggering reality: 84% of IT and security professionals feel uncomfortably stressed at work. Even more troubling, nearly half (47%) describe themselves as feeling "frazzled."

As threats become more sophisticated and the "always-on" culture of security persists, professionals aren't just facing a technology crisis; CISOs and their teams are facing a human one.

The anatomy of the burnout crisis

The Object First research, corroborated by insights from CSO Online, points to a "perfect storm" of stressors that are uniquely intense in our industry.

  1. The AI-powered threat escalation: Attackers are moving faster than ever. The pressure to keep pace with AI-driven ransomware and automated phishing creates a state of "perpetual hyper-vigilance."

  2. The "blame culture": Many professionals feel that a single mistake could lead to a company-ending breach—and that they will be the ones held publicly accountable.

  3. The talent gap and "toil": Understaffed teams are forced to do more with less, spending their days on "toil"—repetitive, manual tasks that provide little professional satisfaction but high levels of fatigue.

Why this is a security risk

Stress isn't just an HR issue; it is a security vulnerability. A "frazzled" analyst is more likely to miss a subtle indicator of compromise, misconfigure a firewall, or succumb to a social engineering attack. When our defenders are depleted, the entire organization is at risk.

What leaders and teams can do now

Organizations cannot wait for the threat landscape to become "easier." They must change how they operate within it.

For leaders

  • Normalize "no-blame" retrospectives: Shift the focus from "who failed" to "how the system failed." Reducing the fear of retribution can significantly lower baseline anxiety.

  • Invest in automation to reduce toil: Use your budget to automate the mundane. If your team is spending 60% of their time on manual log review, they don't have the cognitive bandwidth for strategic defense.

  • Model the behavior: If a CISO sends emails at 3:00 a.m., the team feels they must be "on" at 3:00 a.m. Set clear boundaries and respect "off" hours.

For teams

  • Establish "on-call" rotations: No one person should feel they are the only thing standing between the company and a breach 24/7/365.

  • Peer support: Create internal spaces where it is safe to admit when you are overwhelmed. Peer-to-peer validation is one of the strongest buffers against burnout.

  • Take the PTO: In cybersecurity, there is a "hero complex" that prevents people from unplugging. Real heroes realize that a rested defender is a more effective one. Encourage your teammates to use their vacation and sick time.

[RELATED: Battling Burnout: A Growing Concern for CISOs and Security Professionals]

If you are struggling: support resources

Cybersecurity is a high-stakes, high-pressure career. If you are feeling overwhelmed, hopeless, or just need someone to talk to, please reach out. You are not alone, and your life is worth more than any network uptime.

  • 988 Suicide & Crisis Lifeline (USA): Call or text 988 anytime in the U.S. and Canada. In the UK, call 111 or 999.

  • Crisis Text Line: Text HOME to 741741 to connect with a Crisis Counselor.

  • Mind Over Cyber: A nonprofit organization dedicated to improving mental well-being and preventing burnout in the cybersecurity industry through the teaching of accessible mindfulness techniques for defenders. (mindovercyber.org)

  • Mental Health Hackers: A non-profit that provides education and support regarding mental health for the InfoSec community. (mentalhealthhackers.org)

It's why nearly all of SecureWorld's 2025 in-person events featured mental health and wellbeing panel sessions, with cybersecurity peers sharing—often very candidly—how they and their teams handle stress. Some shared personal tales of wanting to (and in some cases trying) to take their own lives; of tolls taken on family and professional life; and positive tales of recovery and asking for help when they needed it.

The mission is critical, but so are the people. Start treating human assets with the same care given to digital ones.
Tags: Human Factor, Burnout, Mental Health, Stress,
Most Recent
Risk Management

Why CISOs Must Adopt the Chief Risk Officer Playbook

Most Popular
Cyber Attacks

Can We Trust Cybersecurity Firms that Fall Victim to Cyber Attacks?

More Like This
Security Awareness

NCA 'Oh, Behave!' Report Points to Humans as Top Cyber Risk

Comments