The Cyber Leader’s Awakening: From Burnout to Breakthrough

By Jothi Dugar, CISO, National Institutes of Health – Center for Information Technology, and Ty Hughes, Director, Cybersecurity Integrity Center, Department of State

In today’s high-stakes digital landscape, cybersecurity leaders are facing unprecedented demands. Cybersecurity is no longer just about technical expertise; it’s a high-pressure, multidisciplinary role. Today’s cybersecurity leaders, especially in healthcare, must balance strategy, risk, and leadership while defending and safeguarding organizations under intense pressure with minimal margin for error. 

Protecting an organization from reputational, operational, and financial fallout requires cybersecurity leaders to think beyond technology. They are expected to lead, influence, and navigate complex business and the organization’s cultural dynamics. Yet they often do so without the adequate support, resources, or funding required to be successful. This often results in chronic burnout and higher turnover for the organization. 

According to a 2024 survey by ISACA, 66% of cybersecurity professionals reported that their roles have become more stressful over the past five years. Additionally, a 2024 report by BlackFog found that one in four cybersecurity leaders are actively seeking to leave their positions due to stress and job demands. Among those considering departure, 93% cited stress and job demands as significant factors influencing their decision.   

As cybersecurity roles expand, so do the stakes. Leaders must navigate regulation, risk, and real-time threats—often without added support. The constant pressure and fear of breaches are driving chronic stress and disengagement. 

When every click can impact patient safety or national security, supporting the human layer is mission-critical.

As roles have evolved, so too have the stakes. Today’s cybersecurity leaders must interpret regulatory guidance, understand supply chain vulnerabilities, collaborate across silos, and translate technical risks into business language. Simultaneously, they must maintain real-time situational awareness of ever-evolving threats. Yet, these growing expectations are rarely accompanied by greater institutional support. The emotional toll of “always-on” vigilance and the fear of being the next breach headline contribute to chronic stress and disengagement. 

Traditionally, cybersecurity has focused predominantly on the technology aspect—firewalls, encryption, endpoint protection, tools, and cyber hygiene are the areas of importance. In contrast, the human element—behavior, habits, culture and ethics—is rarely given enough acknowledgment for its importance, and can cast the people of an organization as the “weakest link”. In fact, according to Mimecast’s 2025 State of Human Risk Report, human error was a contributing factor in 95% of data breaches in 2024.  

Because human error remains a significant factor in breaches, it represents a key opportunity to strengthen an organization’s cybersecurity posture by building a culture of cyber accountability across all roles, empowering every employee to act securely by default. What if the humans, the people at the very heart of the organization, can actually be empowered to be their strongest assets instead?  

When people are tired, overworked, or disconnected, they are more likely to click a phishing link, misconfigure a setting, or miss a critical alert. According to Keepnet Labs, 95% of cybersecurity issues involve a human element, and a NIST study found that constant cybersecurity warnings have led to “security fatigue,” causing users to ignore warnings and engage in risky online behavior. It’s not just about training—it’s about capacity and wellness.  

Cybersecurity leaders in particular, are expected to perform their roles precisely under immense pressure. A moment of cognitive fatigue or emotional exhaustion can open the door to ransomware, exfiltration, or reputational ruin. In this context, cyber wellness isn’t a luxury or “woo-woo” thinking; it’s imperative for cybersecurity. 

Cyber wellness means securing digital systems by supporting the people behind them—building clarity, resilience, and sustainable performance under pressure. It empowers cyber professionals with not just tools, but the mindset and energy to lead and defend effectively. 

Beyond individual well-being, cyber wellness is a strategy for reducing risk across the enterprise. When cybersecurity becomes a shared mission—rather than the sole responsibility of cybersecurity leaders, everyone from system administrators to clinicians understands their role in protecting digital assets. Cyber wellness fuels engagement, and engaged teams are proactive, vigilant, and collaborative. 

Organizations can embed cyber wellness into their culture when leadership models foster psychological safety, and promote stress-reduction practices like mindfulness, breaks, and coaching. These aren’t perks—they’re essential enablers of performance and protection. 

Organizations may build cross-functional working groups where teams such as IT, cybersecurity, HR, and compliance collaborate—not just during incidents, but proactively. In addition, they can elevate cyber wellness from an HR issue to a core element of cyber risk management. After all, you can have the best tools, frameworks, and threat intelligence—but if your people are depleted, you’re likely still vulnerable. 

Cybersecurity in healthcare isn’t just about resilience—it’s about sustainability. Today’s leaders need more than technical skills; they need mental and emotional strength to protect themselves effectively. Cyber wellness isn’t a perk—it’s essential. When every click can impact patient safety or national security, supporting the human layer is mission-critical.