
We need to build psychological readiness into cyber security

The Computer Weekly Security Think Tank considers the burdens and responsibilities that accompany the role of chief information security officer, and shares guidance on how to navigate a challenging career path.

Working in the cyber security industry has always been high-pressure, but we have seen that pressure intensify. Advancing threats, expanded attack surfaces, rising workloads and a global skills shortage are all having a negative effect on the mental health of many cyber security professionals.

According to Hack The Box’s 2024 research, a staggering 84% of cyber security professionals report stress, fatigue, or burnout. These findings show that this is no longer just a wellbeing issue; it’s now a strategic risk.

For CISOs and business leaders, burnout often leads to errors, delayed response times and attrition that affects the already critical skills gap. Our research found that in the UK alone, stress-related productivity loss costs cyber organisations an estimated £130m annually. This results in longer onboarding times and increased pressure on those who remain within the organisation. 

The personal toll is just as bad. 74% of cyber security professionals globally have taken time off because of work-related mental health issues, averaging 3.4 sick days per year. Yet there is still a disconnect between executive leadership and those defending the front lines. 90% of CISOs globally express concern about the impact of stress and burnout on security but only 47% of CEOs share that concern. 

Upskilling for real-world readiness

Many organisations focus on closing the talent gap by hiring more staff but the real opportunity lies in developing and retaining the talent they already have. Traditional training often falls short by being too generic and detached from real-world experience. It doesn’t help professionals manage the pressures that come with defending live systems.

Hack The Box’s research into stress and burnout revealed that the mental demands on cyber defence professionals are just as critical as the technical ones. During a live incident, the ability to make fast, accurate decisions under pressure is what separates effective responders from overwhelmed ones. 

Most cyber security training focuses on improving technical proficiency, from penetration testing to incident response. However, real-world attacks introduce an additional variable that is rarely addressed: stress. Under high-pressure conditions, attention narrows, reaction times slow, and even the most skilled professionals will struggle.

This is why psychological readiness needs to become a core component of professional development. By simulating high-pressure scenarios that mirror actual breaches, security professionals can learn to recognise stress triggers and develop emotional regulation alongside their technical skills.


Talent shortage and burnout

The cyber security talent shortage remains one of the sector’s biggest challenges. Critical cyber roles remain unfilled, and when new employees do come on board, it can take months before they are fully operational. Burnout further adds to the problem, driving experienced professionals to leave the industry and creating a costly cycle of recruitment. 

What is needed are role-specific learning paths designed to shorten time-to-productivity for security operations centre (SOC) analysts, red, blue and purple teamers, and engineers, for example. Clear progress tracking will help ensure that upskilling aligns with role expectations, reducing wasted effort and improving return on investment (RoI). Investing in professional development that accelerates onboarding, keeps teams engaged and supports upskilling will help organisations retain expertise and strengthen workforce capability.

November 2025: The CW Security Think Tank on the role of the CISO

Keeping teams engaged

Burnout and attrition are often symptoms of disengagement. When training feels repetitive or disconnected from day-to-day challenges, it won’t inspire growth or motivation. To counter this, gamified, community-driven learning can help make ongoing development engaging and meaningful.

Gamified challenges, leaderboards and badges create a sense of achievement and healthy competition, while a community-driven approach ensures a constant flow of fresh, relevant content. 

Retention and mental health improve when professionals enjoy their work and share experiences that support collaboration. Engagement isn’t just about satisfaction; it’s about ensuring teams remain motivated, connected and mentally ready to respond effectively under pressure. 

Supporting psychological resilience also creates a culture of sustainable performance. Teams that can stay calm and think clearly under pressure make faster, better decisions and help their organisations maintain stability during a crisis. 

Embedding psychological readiness and gamified upskilling into workforce development helps organisations demonstrate a commitment to their employees. It strengthens engagement, morale and long-term retention, ensuring cyber teams are not only technically capable, but mentally resilient.

Haris Pylarinos is CEO and founder of Hack The Box 
