CISO Burnout – Epidemic, Endemic, or Simply Inevitable?

CISO burnout is increasing. Are we simply more aware of the condition? Or have demands on the CISO grown and burnout is now the inevitable result? 

In 2019, burnout was defined by the World Health Organization as an occupational phenomenon rather than a medical condition. In 2025, this non-medical condition, initially given the same symptoms as a bad headache (exhaustion, negativism, and reduced efficacy) has become endemic within cybersecurity, affecting team members and CISOs alike.

Two things are clear: firstly, burnout is way different and more extreme than a headache, and we haven’t yet adequately learned to predict, detect, and prevent it. Secondly, burnout is not a disease, it is the name we have given to the symptoms of an unspecified disease (just as a headache is the visible symptom of an unspecified disease).

Clearly, we need to understand the cause of burnout (the underlying disease) and its treatment ...