We just read the 2025 CISO Pressure Index from CTEM firm Nagomi, and honestly – it isn’t a happy read.
Nagomi’s researchers report that 80% of CISOs say they’re under high or extreme pressure, and 67% feel burned out weekly or daily. Nearly 40% have considered leaving the profession, and a majority say the pressure has risen sharply in the past year.
It’s a statistical picture that we know our community can easily translate into real-life experiences. When we interviewed past BHMEA speaker Dr. Leila Taghizadeh (CISO at IberoLatAm and Global Head of Cyber Risk at Allianz), she said:
“Without a doubt, burnout and stress are massive issues in the cybersecurity space. It’s no longer a question of ‘if’ there will be a new threat – it’s a constant stream of high-stakes situations, where even a single oversight can have disastrous consequences.”
Nagomi’s new data backs that up: 73% experienced a major incident in the last six months, and 56% say they’re personally blamed always or often when breaches occur. Pressure is career-defining.
“Cybersecurity professionals are the frontline defence,” Taghizadeh added. “And that responsibility is heavy. The demands only seem to grow as threats evolve.”
The Nagomi report also highlights why CISOs feel boxed in: 65% manage 20+ tools, 58% suffered incidents those tools were meant to prevent, and 56% say their stack doesn’t integrate. Board expectations are now the top source of stress for 44% of CISOs – outweighing external threats.
Google Cloud’s 2026 cybersecurity forecast (drawing on Mandiant incident response and Google Threat Intelligence) suggests next year will see a decisive escalation in complexity, volume, and accountability for CISOs.
Importantly, threat actors’ use of AI will shift from exception to norm in 2026, boosting the speed, scope, and creativity of attacks. AI-powered social engineering, voice cloning, automated reconnaissance, malware generation, and agentic attack chains will become standard playbooks.
Google warns that organisations need to be prepared for threats and adversaries that leverage AI – and that aligns directly with Nagomi’s findings: 59% of CISOs already cite agentic AI as their top near-term threat, and almost 20% of recent incidents were AI-related. Meanwhile, 82% are under pressure to cut staff or increase efficiency using AI, despite its growing misuse by attackers.
This tracks with our earlier conversation with Taghizadeh – she said:
“Staff shortages amplify the problem. Long hours, minimal downtime, and overwhelming workloads create a situation where burnout feels inevitable. It’s a vicious cycle – understaffed teams, higher stress, more burnout, and ultimately, more exposure to risk.”
Ransomware and extortion will also intensify. Google notes that 2,302 victims were listed on data leak sites in Q1 2025 (the highest since 2020) and expects this trend to worsen in 2026. Critical enterprise software, virtualisation platforms, and supply chain providers remain prime targets.
For CISOs, this means more threat surface, more board scrutiny, and a wider blast radius – all while teams remain understaffed and tool stacks remain fragmented.
The underlying truth is that resilience in 2026 will depend on reducing the human load on the people who carry the most risk. Instead of just tools, we need to focus on who’s doing what, and how much they’re expected to manage – and direct budgets towards strategic hires that lighten that load.