Chief Information Security Officers (CISOs) have been on the front lines of the cybersecurity wars for some time. The impact of heavy workloads on their professional and private lives is visible and creates new dangers and potential crisis situations for business leaders.
Cybersecurity personnel who are stressed, fatigued or suffering from burnout cannot function to their full potential and may be prone to errors or poor judgment during a cyber crisis, which could make a bad situation worse.
Before the holiday season begins, the email security company Tessian surveyed CISOs in the US and UK to explore burnout, pain points and other trends affecting those directly facing cyber threats. According to the company's report, which was released today:
- Two in five CISOs missed a holiday like Thanksgiving because of work demands; 25% have not taken leave in the past 12 months.
- CISOs miss important events and family vacations, and put their health at risk by missing doctor’s appointments – something 44% of CISOs have experienced in the past year.
- 40% missed a family vacation because of work.
- One third of CISOs report being unable to exercise regularly.
Work more hours
Tessian’s report found that CISOs work, on average:
- 11 hours more each week than they are hired to work, while one in 10 works 20 to 24 hours of overtime per week.
- Due to their stressful job, 59% of CISOs report having difficulty always stopping work after the work day is over.
Impact on business
“It’s no surprise to hear that CISOs are exhausted, but the results show how these feelings of burnout can cascade down through an organization,” observed Josh Yavor, CISO of Tessian. “We need to think about liability and risk in an efficient and modern way, and we need to understand that while security is ultimately something that CISOs are responsible for, their leadership teams need to support them because they can’t do everything on their own.”
He noted that “The role of CISO is also a tough job to fill, and this research identifies impact on a more granular and measurable level than what we’ve seen before. What comes next is the most important thing. How can we ensure that the security functions are significantly strengthened in large organizations and that they have the resources, support and tools they need to function while avoiding burnout?”
Yavor had the following tips for CISOs:
“CISOs have the opportunity to lead the way and set expectations within their organization to deliver lasting and lasting work experiences. They must ensure that security programs and teams are put in place appropriately for the best results. To avoid burnout, CISOs need to understand the capacity limits of their teams and themselves.
“They are ultimately responsible for ensuring that there is sufficient capacity for successful and sustainable execution versus planned and unplanned work. CISOs must be able to either say ‘no’ to unplanned work or be empowered to effectively shift work priorities to accommodate the capacity and cost of previously planned work.”
Lead by example
“Burnout often occurs when people (whatever their role) cannot handle situations where unplanned work meets capacity constraints, and the decision is to perform heroic acts at the expense of people rather than holding the organization accountable for sustainable work.”
“It is essential that CISOs lead by example in these cases. Once we recognize our limitations as humans and leaders and accept them, the better for everyone. The uncertainty and discomfort that comes with this type of approach is a necessary cost of what it takes to do better as a CISO.”