A troubling trend is emerging in corporate cybersecurity: Chief Information Security Officers are burning out and leaving at unprecedented rates. A recent survey found that 75% of CISOs are considering a career change.
The Numbers
- Average CISO tenure: 18 months (down from 26 months in 2022)
- 75% report unsustainable stress levels
- 62% say their mental health has deteriorated
- 44% use alcohol or substances to cope
Why They're Burning Out
CISOs face an impossible mandate: protect everything against every threat with inadequate budgets and understaffed teams. They're blamed for breaches but not empowered to make necessary changes. Regulatory compliance requirements grow annually.
The personal liability aspect is particularly crushing. After the SolarWinds and Uber CISO criminal charges, security leaders fear personal prosecution for their organization's failures.
What Needs to Change
Organizations must treat cybersecurity as a board-level concern with appropriate resources. CISOs need executive support, adequate budgets, and legal protections. The industry is also exploring "shared CISO" models and AI-assisted security operations to reduce the human burden.
