Tech
Resilience for resilience: Managing burnout among cyber leaders | Computer Weekly
While organisations invest in cyber resilience, the resilience of those leading the charge, chief information security officers (CISOs), is often overlooked. The CISO role is consistently ranked among the most high-pressure in the C-suite. According to ISACA’s State of Cybersecurity 2025 report, 66% of cyber security professionals say their role is more stressful now than it was five years ago.
CISOs often operate in environments where security is underfunded, under prioritised, or misunderstood at the board and C-suite level. A lack of senior-level buy-in trickles down into:
- Budget constraints that limit the scope and impact of the CISO function, including resources for tooling and automation.
- Skills shortages and restrictive operating models that prevent effective delegation.
- Strategic misalignment, where short-term delivery is prioritised over long-term business resilience and customer outcomes.
This creates a vicious cycle: CISOs are held accountable for outcomes without sufficient resources or executive backing, leading to stress, frustration, and burnout.
Security is still often perceived as a business inhibitor until a significant incident occurs. The constant need to ‘sell’ cyber security within conflicting C-suite priorities burns effort, while rising public and stakeholder awareness amplifies the pressure.
For example, in finance, CISOs face strict regulation and intense board and public scrutiny. In the public sector, bureaucratic friction and procurement constraints can complicate strategic investments, leaving CISOs exposed both operationally and reputationally.
To move the needle on cyber security, CISOs must go beyond technical defences and reposition security as a strategic business enabler. This starts with shifting board and C-suite mindsets, through education, influence, and persistent engagement, to see cyber security as integral to innovation and resilience.
Developing executive-level dashboards that articulate the organisation’s cyber security posture can provide visibility into progress, operational resilience, and how security initiatives align with strategy and enterprise goals. Equally critical is framing cyber risk in business terms, translating technical threats into quantifiable impacts on revenue, regulation, and user impact. This kind of communication elevates the CISO’s role from IT steward to strategic partner.
The ever-changing cyber landscape
Unlike other leadership roles, the CISO must constantly adapt to overlapping and complex regulations, such as the UK Data Protection Act, the EU General Data Protection Regulation (GDPR), and frameworks like DORA and FCA PS21/3. They also face threats including ransomware and AI-driven attacks. Additionally, CISOs must manage expanding attack surfaces resulting from offshoring, cloud adoption, and increasing third-party dependencies. Compounding these challenges are rapid technological shifts, such quantum computing and generative AI.
CISOs must simultaneously manage today’s risk, ensure operational integrity, steer future strategy, and monitor an evolving landscape, all in real time. The pace of threats means new systems, technologies, or vulnerabilities can be targeted within hours of going live, leaving little margin for error or recovery.
The rapid pace of digital transformation, while essential for business growth, expands risk and complexity beyond what traditional operating models can accommodate. CISOs must adapt at speed, safeguarding organisations against increasingly sophisticated threats.
In healthcare, for example, CISOs face ransomware threats that directly impact patient safety. In large global organisations, tool sprawl and third-party outsourcing increase complexity and reduce visibility, leaving CISOs with fragmented control capabilities.
Building a stronger cyber security posture requires a unified, risk-based approach that clearly delegates controls and accountability across teams and partners. By layering zero-trust architecture with continuous third-party monitoring, organisations can shrink their attack surface and keep vendor risk in check. Running threat simulation exercises further sharpens the security team’s agility, preparing them to respond to emerging threats before they escalate.
Systemic illusions and cognitive overload
While strategic misalignments and resource constraints put the CISO under pressure, the issue of a mismatch between accountability and authority persists. CISOs are expected to secure systems and manage risk across business units, outsourced services and technologies they don’t directly control which leaves them accountable for outcomes without clear decision rights or contractual levers.
The illusion of control arises when CISOs are accountable for cyber security risk but lack authority to enforce controls, especially across fragmented, outsourced, or federated environments. Their role shifts from decisive action to constant negotiation, increasing stress and accountability without power to drive change. In some public sector organisations, the CISO role is secondary or voluntary, often combined with IT delivery, forcing individuals to prioritise security against operational delivery.
Driving change in cyber security leadership demands structural and cultural alignment. Establishing cross-functional governance and defining risk ownership between security and business leaders ensures that cyber risk becomes part of everyday executive decision-making. Embedding security deliverables and risk criteria into all business projects further reinforces that cyber security is a shared accountability. At the same time, supporting the CISO’s own resilience and wellbeing is crucial. Access to peer networks, executive coaching, and setting clear boundaries can help mitigate cognitive overload.
From burnout to balance
CISO burnout is not a personal weakness but a consequence of conflicting organisational design. Until cyber security is embedded as a core business function, CISOs will continue to face impossible expectations and fragmented authority. Organisations must redefine accountability and empower CISOs with real decision-making authority, and invest in resilience, for both their people and their strategies. Only then will cyber security leadership become a source of business strength, rather than a burnout risk.
John Skipper and Farrukh Ahmad are cyber security experts at PA Consulting
Over the weekend, the Justice Department released three new data sets comprising files related to Jeffrey Epstein. The DOJ had previously released nearly 4,000 documents prior to the Friday midnight deadline required by the Epstein Files Transparency Act.
As with Friday’s release, the new tranche appears to contain hundreds of photographs, along with various court records pertaining to Epstein and his associates. The first of the additional datasets, Data Set 5, is photos of hard drives and physical folders, as well as chain-of-custody forms. Data Set 6 appears to mostly be grand jury materials from cases out of the Southern District of New York against Epstein and his coconspirator, Ghislaine Maxwell. Data Set 7 includes more grand jury materials from those cases, as well as materials from a separate 2007 Florida grand jury.
Data Set 7 also includes an out-of-order transcript between R. Alexander Acosta and the DOJ’s Office of Professional Responsibility from 2019. According to the transcript, the OPR was investigating whether attorneys in the Southern District of Florida US Attorney’s Office committed professional misconduct by entering into a non-prosecution agreement with Epstein, who was being investigated by state law enforcement on sexual battery charges. Acosta was the head of the office when the agreement was signed.
Leading up to the deadline to release materials, the DOJ made three separate requests to unseal grand jury materials. Those requests were granted earlier this month.
The initial release of the Epstein files was met with protest, particularly by Epstein victims and Democratic lawmakers. “The public received a fraction of the files, and what we received was riddled with abnormal and extreme redactions with no explanation,” wrote a group of 19 women who had survived abuse from Epstein and Maxwell in a statement posted on social media. Senator Chuck Schumer said Monday that he would force a vote that would allow the Senate to sue the Trump administration for a full release of the Epstein files.
Along with the release of the new batch of files over the weekend, the Justice Department also removed at least 16 files from its initial offering, including a photograph that depicted Donald Trump. The DOJ later restored that photograph, saying in a statement on X that it had initially been flagged “for potential further action to protect victims.” The post went on to say that “after the review, it was determined there is no evidence that any Epstein victims are depicted in the photograph, and it has been reposted without any alteration or redaction.”
The Justice Department acknowledged in a fact sheet on Sunday that it has “hundreds of thousands of pages of material to release,” claiming that it has more than 200 lawyers reviewing files prior to release.
OpenAI sent 80 times as many child exploitation incident reports to the National Center for Missing & Exploited Children during the first half of 2025 as it did during a similar time period in 2024, according to a recent update from the company. The NCMEC’s CyberTipline is a Congressionally authorized clearinghouse for reporting child sexual abuse material (CSAM) and other forms of child exploitation.
Companies are required by law to report apparent child exploitation to the CyberTipline. When a company sends a report, NCMEC reviews it and then forwards it to the appropriate law enforcement agency for investigation.
Statistics related to NCMEC reports can be nuanced. Increased reports can sometimes indicate changes in a platform’s automated moderation, or the criteria it uses to decide whether a report is necessary, rather than necessarily indicating an increase in nefarious activity.
Additionally, the same piece of content can be the subject of multiple reports, and a single report can be about multiple pieces of content. Some platforms, including OpenAI, disclose the number of both the reports and the total pieces of content they were about for a more complete picture.
OpenAI spokesperson Gaby Raila said in a statement that the company made investments toward the end of 2024 “to increase [its] capacity to review and action reports in order to keep pace with current and future user growth.” Raila also said that the time frame corresponds to “the introduction of more product surfaces that allowed image uploads and the growing popularity of our products, which contributed to the increase in reports.” In August, Nick Turley, vice president and head of ChatGPT, announced that the app had four times the amount of weekly active users than it did the year before.
During the first half of 2025, the number of CyberTipline reports OpenAI sent was roughly the same as the amount of content OpenAI sent the reports about—75,027 compared to 74,559. In the first half of 2024, it sent 947 CyberTipline reports about 3,252 pieces of content. Both the number of reports and pieces of content the reports saw a marked increase between the two time periods.
Content, in this context, could mean multiple things. OpenAI has said that it reports all instances of CSAM, including uploads and requests, to NCMEC. Besides its ChatGPT app, which allows users to upload files—including images—and can generate text and images in response, OpenAI also offers access to its models via API access. The most recent NCMEC count wouldn’t include any reports related to video-generation app Sora, as its September release was after the time frame covered by the update.
The spike in reports follows a similar pattern to what NCMEC has observed at the CyberTipline more broadly with the rise of generative AI. The center’s analysis of all CyberTipline data found that reports involving generative AI saw a 1,325 percent increase between 2023 and 2024. NCMEC has not yet released 2025 data, and while other large AI labs like Google publish statistics about the NCMEC reports they’ve made, they don’t specify what percentage of those reports are AI-related.
Known as the “Doomsday Glacier,” the Thwaites Glacier in Antarctica is one of the most rapidly changing glaciers on Earth, and its future evolution is one of the biggest unknowns when it comes to predicting global sea level rise.
The eastern ice shelf of the Thwaites Glacier is supported at its northern end by a ridge of the ocean floor. However, over the past two decades, cracks in the upper reaches of the glacier have increased rapidly, weakening its structural stability. A new study by the International Thwaites Glacier Collaboration (ITGC) presents a detailed record of this gradual collapse process.
Researchers at the Centre for Earth Observation and Science at the University of Manitoba, Canada, analyzed observational data from 2002 to 2022 to track the formation and propagation of cracks in the ice shelf shear zone. They discovered that as the cracks grew, the connection between the ice shelf and the mid-ocean ridge weakened, accelerating the upstream flow of ice.
The Crack in the Ice Shelf Widens in Two Stages
The study reveals that the weakening of the ice shelf occurred in four distinct phases, with crack growth occurring in two stages. In the first phase, long cracks appeared along the ice flow, gradually extending eastward. Some exceeded 8 km in length and spanned the entire shelf. In the second phase, numerous short cross-flow cracks, less than 2 km long, emerged, doubling the total length of the fissures.
Analysis of satellite images showed that the total length of the cracks increased from about 165 km in 2002 to approximately 336 km in 2021. Meanwhile, the average length of each crack decreased from 3.2 km to 1.5 km, with a notable increase in small cracks. These changes reflect a significant shift in the stress state of the ice shelf, that is, in the interaction of forces within its structure.
Between 2002 and 2006, the ice shelf accelerated as it was pulled by nearby fast-moving currents, generating compressive stress on the anchorage point, which initially stabilized the shelf. After 2007, the shear zone between the shelf and the Western ice tongue collapsed. The stress concentrated around the anchorage point, leading to the formation of large cracks.
Since 2017, these cracks have completely penetrated the ice shelf, severing the connection to the anchorage. According to researchers, this has accelerated the upstream flow of ice and turned the anchorage into a destabilizing factor.
Feedback Loop Collapse
One of the most significant findings of the study is the existence of a feedback loop: Cracks accelerate the flow of ice, and in turn, this increased speed generates new cracks. This process was clearly recorded by the GPS devices that the team deployed on the ice shelf between 2020 and 2022.
During the winter of 2020, the upward propagation of structural changes in the shear zone was particularly evident. These changes advanced at a rate of approximately 55 kilometers per year within the ice shelf, demonstrating that structural collapse in the shear zone directly impacts upstream ice flow.
Lions fan involved in altercation with Steelers star denies using derogatory language toward player
Ben Affleck, ex Jennifer Lopez reunite for family time with son Samuel
Trump pulls 30 envoys in ‘America First’ push, critics say it weakens US abroad
-
Business1 week agoStudying Abroad Is Costly, But Not Impossible: Experts On Smarter Financial Planning
-
Business1 week agoKSE-100 index gains 876 points amid cut in policy rate | The Express Tribune
-
Fashion5 days agoIndonesia’s thrift surge fuels waste and textile industry woes
-
Business5 days agoBP names new boss as current CEO leaves after less than two years
-
Sports1 week agoJets defensive lineman rips NFL officials after ejection vs Jaguars
-
Tech1 week agoFor the First Time, AI Analyzes Language as Well as a Human Expert
-
Tech5 days agoT-Mobile Business Internet and Phone Deals
-
Entertainment1 week agoPrince Harry, Meghan Markle’s 2025 Christmas card: A shift in strategy