George Gerchow / Bedrock Security”I’ll never report to a CTO or CFO again. I have to have seat at the table,” he says emphatically. Otherwise, he says, you become frustrated “because you’re not in control of your own destiny. You’re parsing everything to this other person who’s a leader in the company, and you potentially have the riskiest job in the entire organization.”Maggie Myers, a managing consultant at Korn Ferry, recently spoke with a CISO who told her the pressure has never been higher and the control has never felt lower. “I think in many cases [the CISO role has] become unsustainable,” Myers says.Echoing Gerchow, she adds, “The reason why has a lot to do with how it’s structured. I think that’s the real issue here. The script is changing a little bit,” but CISOs are still expected to manage risk.It’s no secret CISOs are under tremendous pressure. “They’ve got the regulatory scrutiny, they’ve got public visibility,” along with the increasing complexity of threats, and “AI is just adding to that fire, and the mismatch between the accountability and the authority,” says Myers, who wrote “The CISO Dilemma,” which explores CISO turnover rates and how companies can change that moving forward.Often, CISOs don’t have the mandate to influence the business systems or processes that are creating that risk, she says. “I think that’s a real disconnect and that’s what’s really driving the burnout and turnover.”For Amit Basu, vice president, CIO, and CISO of International Seaways, the problem is that “CISOs often lack formal indemnification, clear governance authority, or tailored [directors and officers] protection,” he says. “In many cases, the CISO is tasked with managing enterprise risk while remaining structurally underpowered to influence it fully.”It is this imbalance that is driving burnout, turnover, and growing reluctance among senior cybersecurity leaders to step into or remain in these roles, Basu believes.
A lack of support: On the flip side, Corey Nachreiner, CISO/CSO at WatchGuard, doesn’t believe the CISO is the most undesirable role. Yet, he adds, being a CISO “can often feel like trying to win a game of dodgeball with one arm tied behind your back. You’re expected to thwart every cybersecurity threat without always having the resources or support to do so effectively.”Nachreiner cites a survey from Nominet that finds 91% of CISOs suffer moderate to high stress. “The job involves a perpetual cycle of stress, knowing a cybersecurity incident could hit anytime,” he says. “Threat actors grow more cunning, and even nation states take aim at civilian companies. Yet, the true challenge lies in how businesses often see cybersecurity as a necessary evil rather than a top priority. It’s as if the CISO’s motto is, ‘All risk, little reward.’”
b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px” />Human vs. position problem: Some CISOs are stepping back from operational roles into more advisory ones. Patricia Titus, who recently took a position as a field CISO at startup Abnormal AI after 25 years as a CISO, does not think the CISO role has become less desirable. “The regulatory scrutiny has been there all along,” she says. “It’s gotten a light shined on it. “¦ Regulators may be getting smarter and asking more direct questions.” Titus attributes the increased burnout to the fact that “we’re not doing a good job of balancing. That to me is a human problem versus a position problem.”This is an issue in other C-level positions as well, she notes. “The question in my mind is, Are CISOs at the point where the position needs to be elevated to the right level,” with the “right support from your leadership?”Titus has seen burnout occur when there isn’t good succession planning and “people are hoarding the power versus sharing the responsibility.” She recalls one security job she was in that caused “stress-induced eczema, and my health was a hot mess, and I had to make some conscious decisions about what to do about that.”In her dealings with another leader at the time, Titus says she “tried everything in my bag of tricks to make the relationship better, stronger, and healthier.” But it got to the point where “I felt this person and I aren’t going to see eye to eye and that’s where you agree to disagree.” Ultimately, she left the company and found “a better job.”If you’re running a strong security program, Titus says, the CISO should be able to say where the strengths and weaknesses are.”I believe this job is an exciting job and requires a person who is multidisciplined. You have to use critical thinking skills, you have to understand the business,” she says. “It’s not the CISO job of 20 years ago. It’s an evolving field and position.”Her role is to bring her expertise to help customers with problems in an advisory capacity.Although Titus no longer has operational responsibility, she says she still feels “very wed to making sure that we’re protecting customer data” and helping the newly hired CISO.The company also has a second field CISO and a total of four people who are security professionals. “To me, that’s the best of all worlds.”She believes the CISO role is undesirable in companies that have seen a lot of job cuts coupled with the economic downturn and financial struggles. When the CISO also has to let people go, that can create an extremely stressful situation, she says.”That’s where I could see CISOs say, ‘I have to get out of here,’” Titus says. “Have I been in positions where I feel I have been set up for failure? If I said no that would be a lie.”While companies focus on their core business operations, a savvy CISO will aim to support that with minimal risk, WatchGuard’s Nachreiner says. “But the Catch-22 is that tackling this requires money and human capital, which are often in short supply,” he says. “As budgets tighten, security becomes the proverbial belt to be tightened further.”Like Titus, Nachreiner says cybersecurity is fundamentally a human challenge, and all employees must do their part. “Yet, motivating them can feel like herding cats, particularly when their plates are already full. Lack of collaboration can sap morale faster than a data breach.”
An association for CISOs: The fact that there is discussion about the CISO role becoming the least desirable in business today reflects a growing tension many CISOs are feeling, observes International Seaways’ Basu. “While the role has never been more critical to an enterprise, it has also never carried more personal risk, pressure, or ambiguity,” he says.With the evolution of the CISO from a back-office technical guardian into a strategic risk leader has come increased visibility, but also “disproportionate scrutiny and lack of protection,” Basu maintains. “CISOs now face the prospect of personal liability, criminal exposure, and reputational damage for decisions made within complex, often under-resourced environments, many of which fall outside their direct control.”Recent enforcement actions and legal precedents have made it clear that regulators are no longer satisfied with corporate accountability and are holding individuals responsible, he adds.”But the answer is not to undermine the position; it requires formalizing legal protections, defining authority and reporting lines, and recognizing cybersecurity leadership as a profession, complete with accreditation, ethical codes, standard operating procedures, and peer support,” Basu says.
b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/07/nachreiner-stylized_1600x900px.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px” />
b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/06/amit-basu-cso-16×9-1.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px” />
