Europe's Chief Information Security Officers Face Burnout Crisis as New Rules Tighten Personal Liability
Veröffentlicht: 13.07.2026 um 12:34 Uhr, Redaktion boerse-global.de
The job of chief information security officer (CISO) is becoming untenable across Europe. Average tenure in the role has collapsed to between 18 and 26 months, and nine out of ten CISOs report chronic stress. The core problem: their performance is judged almost solely on the absence of security incidents, yet when a breach occurs, blame lands squarely on them.
Personal liability fears are driving the exodus. A recent survey found 78% of security leaders worry about being held personally accountable — a sharp jump from 56% the year before. The main catalyst is the EU's NIS-2 directive, which makes company directors personally liable for cybersecurity failures. One in five CISOs admitted they had been pressured to cover up security incidents, and industry insiders suspect the true number is higher. Compliance violations are sometimes hidden to protect reputations or business deals.
Stress Mounts as Threats Grow More Complex
Security analysts handle up to 100 alerts per twelve-hour shift. Ransomware and the rising sophistication of AI-powered attacks are cited as major stress triggers. Budget cuts at many companies add another layer of pressure. The psychological toll is stark: 90% of CISOs experience moderate to high stress, and burnout rates are climbing.
The threat landscape explains much of the anxiety. In Germany, 87% of companies reported being hit by cyberattacks, with total damage estimated at €290 billion. Manufacturing is hit hardest: 73% of attacks specifically target production systems.
New Reporting Deadlines Add Urgency
Implementation of NIS-2 has been slow. By July 9, only 11,500 of the 29,500 affected companies in Germany had registered with the Federal Office for Information Security (BSI). Starting September 11, the Cyber Resilience Act (CRA) imposes strict reporting obligations. Security vulnerabilities must be reported as an early warning within 24 hours, with a full report due within 72 hours. Violations carry fines of up to €15 million or 2.5% of global annual turnover — whichever is higher.
Fresh Approaches to Ease the Burden
A growing number of organisations are turning to "CISO as a Service" or fractional CISOs, particularly in the mid-market, to spread responsibility and reduce individual burnout. Experts also call for more automation through AI to free analysts from repetitive tasks.
Psychological support is now on the agenda. A specialist congress in Cologne on November 18 will focus on mental resilience in the face of AI-driven attacks. Speakers include sports psychologist Dr. Hans-Dieter Hermann and behavioural expert Henry Coutinho-Mason, who will present strategies for coping with constant digital pressure.
The broader structural fix under discussion is "shared responsibility." Cybersecurity can no longer be treated as a purely IT function, proponents argue; it must become a collective obligation across the entire organisation — starting with the executive board.
Disclaimer zu unseren Artikeln: Keine Anlageberatung, keine Kauf oder Verkaufsempfehlung. Angaben zu Kursen, Unternehmen und Märkten ohne Gewähr; Änderungen jederzeit möglich. Börsengeschäfte können zu hohen Verlusten führen. Unsere Beiträge werden ganz oder teilweise automatisiert mit Unterstützung von AI erstellt und geprüft.
