This document presents findings from a live poll conducted during RSA 2025 Learning LAB3-M05, "Building Resilience: CISO Skills Development and Burnout Prevention", facilitated by Deidre Diamond, Founder and CEO of CyberSN and Founder of Secure Diversity, and Peter Coroneos, Founder of Cybermindz.org.
The poll collected real-time responses from 70 cybersecurity leaders, revealing the hidden stressors, burnout risks, and leadership challenges impacting our industry today.
“Burnout isn’t a personal failing, it’s a workforce risk. When leaders are overwhelmed, the whole organization is at risk. Our protectors need protection.”
— Deidre Diamond, Founder and CEO, CyberSN, and Founder, Secure Diversity
“We can’t wait for culture to change before we act. The stress is here now. The solution starts with small, human-centered interventions—and it starts with leadership.”
— Peter Coroneos, Founder, Cybermindz.org
Q: What best describes your current role?
Our survey respondents predominantly hold senior positions, with 54% serving as CISOs or Heads of Security and another 34% in director or manager-level roles. This indicates that our data primarily reflects the experiences of decision-makers with significant responsibility for organizational security postures.
Q: How many years of leadership experience do you have in cybersecurity or adjacent fields?
The cybersecurity leadership community surveyed is highly experienced, with 58% having 8 or more years of leadership experience. Only 22% have less than 4 years of experience, suggesting that burnout issues affect even the most seasoned professionals in the field.
Q: How would you rate your current level of burnout risk? (Think: Emotional depletion, disengagement, self doubt in role) Single-choice scale (1 to 5)
The cybersecurity leadership community surveyed is highly experienced, with 58% having 8 or more years of leadership experience. Only 22% have less than 4 years of experience, suggesting that burnout issues affect even the most seasoned professionals in the field.
Q: How would you rate your current level of burnout risk? (Think: Emotional depletion, disengagement, self doubt in role) Single-choice scale (1 to 5)
The cybersecurity leadership community surveyed is highly experienced, with 58% having 8 or more years of leadership experience. Only 22% have less than 4 years of experience, suggesting that burnout issues affect even the most seasoned professionals in the field.
Q: How would you rate your current level of burnout risk? (Think: Emotional depletion, disengagement, self doubt in role) Single-choice scale (1 to 5)
The majority of cybersecurity leaders report signs of burnout, with nearly half (46%) experiencing noticeable fatigue and another 17% showing frequent symptoms of high stress. Just 4% say they feel energized and thriving, pointing to a troubling lack of well-being at the leadership level.
These results underscore how common burnout has become among security leaders. Operating under chronic stress appears to be the norm, posing serious risks to both individual health and organizational resilience. When leadership operates with diminished capacity, it can affect decision-making, team performance, and the ability to manage cyber risk effectively.
Q: From this list, what are the main challenges impacting your individual stress levels? (Select ALL that apply to you)
The poll identified information overload as the leading source of stress, with 67% of respondents reporting fatigue from constant alerts, emails, and communications. This technological overwhelm is closely followed by shifting priorities (64%), creating an environment of perpetual urgency and context switching that drains mental resources.
Structural issues within organizations also significantly contribute to burnout, with manager burnout from understaffing (51%), inability to upskill (49%), and economic pressures from layoffs and budget cuts (47%) rounding out the top five stressors. These findings highlight how organizational communication directly impact the well-being of security leaders.
Cybersecurity leaders are not facing isolated challenges—they are navigating what Peter Coroneos describes as “stacked stressors”: multiple, overlapping demands that compound mental and emotional strain. Based on the RSA 2025 poll, each respondent selected an average of 7.64 out of 21 possible stressors, confirming that burnout in the sector is driven by an accumulation of stress factors rather than a single pressure point.
From constant digital communication and shifting priorities to understaffing and limited opportunities for upskilling, the data reflects a workforce stretched across too many fronts. Addressing these stacked stressors requires both systemic change and immediate interventions to protect the mental wellbeing of those charged with defending our digital world.
Communication Overload (“Alert Fatigue”) – 67%
"I asked the room to define alert fatigue. I assumed they meant SIEM or SOC alerts. Instead, they were talking about internal communication: email, Slack, Teams, Jira, WhatsApp, and project tools. While I was extremely surprised by this response, I knew this was a stressor I just didn't think it would be in the top 5 of stressors. I am feeling bittersweet about it. I know how much of a problem this is. It seems easier to solve than the ever-growing attack surface challenge, and yet, if it were easy, it would already be solved.
This tells me that this isn't a tooling issue, it's company culture. We need communication training, clear policies, and procedures. For example: What should be a phone call vs. an email and what are the response time expectations? The current chaos is triggering our neural pathways nonstop. It's not healthy, and we must solve it."
Priority Conflicts and Constant Change – 64%
“This one wasn't surprising. With two-plus years of economic chaos, change is more constant than ever. Change of strategy, change of financial situations, change of roles and responsibilities, change in leadership, change of business operation locations and timezones have all led to constant change of priorities and policies. Thus, causing severe disruption.
Understaffing and Burned Out Managers – 51%
“After two-plus years of downsizing and budget freezes, leaders are stretched thin. Combine that with the top two stressors: communication and priorities, and it’s no surprise 63% of respondents report signs of burnout. This is a capacity crisis.”
No Time for Upskilling – 49%
“Upskilling sounds great in theory, yet when we are buried in reactive communication and never caught up, who is going to have the time to be trained? We are constantly behind—how do we carve out the time, or even the mental clarity, to learn? We don't and that stunts both personal growth and organizational agility."
Layoffs, Budget Cuts, and Outsourcing – 49%
“Layoffs don’t just affect those who leave. Those who stay experience anxiety, survivor’s guilt, and more work. And often, no one talks about it. That silence magnifies the stress.”
Toxic Culture – 44%
“It breaks my heart that nearly half of the room said they’re navigating toxic cultures. The word toxic means poisonous or very harmful or unpleasant in a pervasive or insidious way. It’s a massive vulnerability when our defenders are being harmed by their own environments. Our protectors having to deal with toxic cultures is an oxymoron in itself and the strongest of vulnerabilities we face.
To think that this stressor wasn't in the top five and was in the number seven spot just goes to show how much workload and workload-related communication are hurting us—even more than toxic culture itself. Toxic cultures being ranked number seven versus in the top two may be because we have moved to a mainly remote workforce culture and therefore handling toxic cultures is easier than handling operational communication."
Creating a healthy communication culture and having clear roles and responsibilities isn't just a people issue—it's a cybersecurity challenge. When our protectors are overwhelmed, the entire organization is vulnerable.
Build a positive security culture and learn more about CyberSN's Cyber Workforce Risk Management Program.
