In its fourth year, cyber resilience non-profit Cybermindz is urging organizations to reframe burnout, not as a standalone wellness issue, but as a critical risk, shifting the conversation towards a more measurable, impact-driven approach aligned with real-world operational resilience. Burnout and stress are still a major issue in cybersecurity. Research by Cybermindz found that, in a poll of 101 cyber professionals, one in two experience burnout weekly or daily. What’s more, 66% of those polled reported moderate or high emotional exhaustion and 54% show two or more concurrent burnout indicators. Read more: PPRO CISO Bronwyn Boyle on Burnout and Building a Healthy Cybersecurity Culture Positioning the solution to this challenge as a wellness offering can limit both understanding and engagement, Peter Coroneos, Founder, Cybermindz, noted in a conversation with Infosecurity. He said that the current discourse on tackling burnout and stress can also have resource implications as solutions perceived as training or wellness initiatives are often seen as discretionary spending, rather than integral to cybersecurity. “We believe that bringing our offering into a risk-based conversation will have more traction and unlock more resources to support teams that are doing the difficult work,” Coroneos told Infosecurity. Coroneos warned that individuals at firms which have experienced significant ransomware attacks have shown evidence of “what appears to be trauma-like symptoms.” “We talked to a CSO in Luxembourg that lost six out of ten at his team due to trauma after a major insider attack. This has real world effects in terms of capability and capability degradation translates into elevated risk,” he said. Taking a risk-based approach allows CISOs to have conversations at board level about how the mental state of staff has a direct link to corporate risk exposure.