Burnout is pushing young cybersecurity professionals to leave the industry

Employees in the cybersecurity field face immense pressure to stay up to date with new knowledge and certifications. While experienced professionals tend to manage the workload, an increasing number of younger professionals are leaving the industry due to burnout.

Published: 
June 23, 2025
Gry Josefine Løvgren
Content Specialist

Gry Josefine Løvgren is a content specialist at Wired Relations, where she writes about all things GRC, data protection, and cybersecurity for our blog and social media channels. She holds a journalism degree from Roskilde University and uses her professional expertise to communicate complex topics in an engaging and easy-to-understand way.

Read more from the author

They aren’t the ones presenting to the board or shaping the company’s cybersecurity strategy, but they are the ones who succumb to the pressure. Across cybersecurity departments in Denmark, there is a growing trend of stress and burnout, driving more professionals to leave the industry, says cybersecurity recruitment consultant Camilla Treschow from Treschow & Son.

“It’s especially the younger staff and the women who are leaving the industry entirely. These are people who companies have worked hard to attract, only to see them leave again due to work-related pressure,” she explains.

One of the main reasons for their exit is the working conditions. Long hours in understaffed departments making it feel difficult to call in sick or take a vacation. Add to that poor leadership or a general lack of organisational maturity, which leads to confusion around roles and responsibilities.

But what Camilla Treschow sees as a major driver of burnout among younger professionals – those working in everything from incident response to compliance and risk – is the constant pressure to keep up to date with knowledge in the field.

“It’s the industry more than individual companies that has a problem. There’s a constant push to promote new products, knowledge, and especially certifications. So you always feel like you have to stay updated”.

“If you look at the roadmap of all the certifications you can take, you’d never have time to do anything else,” she says.

Cybersecurity is generally a field that demands constant decision-making based on risk and analysis, so employees feel a great responsibility to maintain up-to-date and comprehensive knowledge. But there’s a mismatch when younger and less experienced professionals feel they’re expected to have the same depth of knowledge as seasoned specialists. That pressure becomes overwhelming. According to Camilla Treschow, the industry has a responsibility here.

“The sector could do much more – for example, clearly communicating what knowledge is actually necessary and what’s not.”

Exhaustion and feeling down

The World Health Organization defines burnout as “a syndrome resulting from chronic workplace stress that has not been successfully managed.” It is characterised by exhaustion, cynicism about one’s job, and reduced professional efficacy.

It also carries serious personal consequences, such as feeling down, headaches, poor sleep, and social withdrawal.

“Burnout has major personal consequences for both the individual and their family. It can be incredibly hard to return to the job market at all. And that’s also the employer’s responsibility,” says Camilla Treschow.

Treschow’s observations in Denmark do not stand alone, but align with a broader global trend. An international study on mental health among compliance professionals – conducted by Corporate Compliance Insights in the U.S. and other countries – highlights serious challenges related to stress and well-being, with half of respondents reporting burnout at work.

“In 2025, stress tied to personal responsibility, burnout, and the pace of changing regulations continues to be a significant challenge for compliance professionals – with little change since 2022,” the report notes.

CISOs are coping

Over the years, cybersecurity has shifted from being a technical task to a high-priority business concern within Danish companies. One might assume that this would create high levels of stress on the team’s senior leadership, such as the CISO, but that’s not necessarily the case, according to Camilla Treschow.

“Many CISOs are doing just fine in their roles, and their overall well-being isn’t worse than in other industries. CISOs rarely leave the industry. What often stresses them, though, is the feeling that they aren’t succeeding in the role. Many CISOs are specialists and they find it difficult to make decisions unless they feel it's on a very solid foundation. And in this field, there’s so much to consider that it’s not always possible”.

She adds that CISOs often don’t feel heard at the executive level, simply because they may lack the communication skills needed to convey IT security in a way everyone can understand.

For Camilla Treschow, the trend is clear: the pressure to stay knowledgeable is taking a toll on cybersecurity professionals. But it’s the young talents – the ones the industry wants to attract – who are paying the highest price.

Want more articles like this?

Sign up for our newsletter Sustainable compliance and receive articles, webinars and expert knowledge directly in your inbox.

Subscribe here

You might also like

The greatest cyber threat wears a suit

Is annual cycle just a buzzword? No, it's a key to progress

5 reasons why infosec and privacy teams should work in the same system