Skip to main content
CybersecurityIncident Response

Cybersecurity Burnout Spurs Call for Risk-Based Response

Exhausted cyber professional sits at cluttered desk surrounded by empty coffee cups.

One in two cyber professionals report experiencing burnout weekly or daily, according to research published by Cybermindz.

Cybermindz reframes burnout as an operational risk

In its fourth year, cyber resilience non-profit Cybermindz is urging organizations to stop treating burnout as a standalone wellness issue and to reposition it as a critical risk that affects operational resilience. Peter Coroneos, Founder of Cybermindz, told Infosecurity that positioning solutions as wellness offerings “can limit both understanding and engagement” and that such framing has resource implications because “solutions perceived as training or wellness initiatives are often seen as discretionary spending, rather than integral to cybersecurity.”

Coroneos argues a risk-based conversation will “have more traction and unlock more resources to support teams that are doing the difficult work,” singling out funding and executive attention as the levers that shift when burnout is treated as a corporate risk.

Poll of 101 cyber professionals: scope and severity

Cybermindz’s poll of 101 cyber professionals found widespread and repeated symptoms. One in two respondents experience burnout on a weekly or daily basis; 66% reported moderate or high emotional exhaustion; and 54% showed two or more concurrent burnout indicators. Those figures frame burnout not as isolated distress but as a common, multifactor problem across security teams.

iRest® Impact Study: measurable improvements after targeted training

Cybermindz published the iRest® Impact Study on May 27, reporting results from 275 cybersecurity professionals across multiple training cohorts delivered between 2022 and May 2026 using the military-proven iRest® (Integrative Restoration) protocol. The study states that organizations that invest as few as eight hours of targeted resilience training can see “transformative operational resilience.”

Measured effects cited in the study include an average gain of 26 minutes of sleep per night and a 16% overall improvement in sleep quality. Using the Maslach Burnout Inventory across three measures—emotional exhaustion, cynicism, and professional efficacy—the study reports continuous improvement across participants: emotional exhaustion decreased 19%, cynicism decreased 26%, and professional efficacy increased 10%.

The training also corresponded with a 71% reduction in participants showing attrition risk, falling from 27% to 8%. The study describes the attrition warning zone as “marked by moderate cynicism” and “regarded as the strongest predictor of resignation.”

Operational consequences: trauma, capability loss, and board-level conversations

Cybermindz links individual wellbeing directly to organizational capability. Coroneos warned that staff at firms hit by significant ransomware attacks have shown evidence of “what appears to be trauma-like symptoms.” He cited a specific conversation with “a CSO in Luxembourg that lost six out of ten at his team due to trauma after a major insider attack,” and added: “This has real world effects in terms of capability and capability degradation translates into elevated risk.”

That line of argument is part of the group’s push for a risk-based framing: it allows CISOs to elevate mental-state concerns into board-level discussions about corporate risk exposure rather than treating interventions as optional wellbeing extras.

What this means for CISOs, cyber teams, and procurement leaders

  • CISOs: Reframing burnout as a control and resilience issue creates a case to discuss mental-state metrics and mitigation investments at the board level, potentially unlocking non-discretionary resources.
  • Cyber teams and technologists: The iRest® Impact Study reports measurable gains—sleep, lowered emotional exhaustion, reduced cynicism, and increased professional efficacy—after as little as eight hours of targeted training, offering a concrete intervention to consider.
  • Procurement and budget holders: Cybermindz warns that when programs are labeled purely as wellness or discretionary training they may not receive sustained funding; positioning interventions as risk-mitigation measures may change procurement priorities.

Cybermindz presents its case publicly: Coroneos will deliver a keynote titled Human Capability Risk in Cyber Teams: When Burnout Becomes a Control Opportunity at Infosecurity Europe on Thursday, June 4, 2026, 11:00am–11:35am BST on the Keynote Stage at ExCeL London. The organization’s published data and the specific, repeated improvements the iRest® Impact Study reports pose a clear proposition to security leaders: invest targeted training to reduce measurable burnout indicators and lower attrition risk, and treat workforce mental state as a component of enterprise risk, not an optional wellness perk.

Original story