CISO burnout is a serious issue and through this discussion, we try to find out the impact of this issue on organizations and individuals. The CISO role is operation intensive and gruelling. In most cases CISOs remain in an organisation for about 1 to 2 years. The role is related to high stress levels and unrealistic organisational expectations. A study showed 90% of them were willing to take a pay cut for better work life balance. The problem is further compounded with connected devices and pandemic on board.
A study noted - Average tenure of a CISO is just 26 months due to high stress and burnout. The vast majority of interviewed CISO executives (88%) report high levels of stress, a third report stress-caused physical health issues, half report mental health issues.
CISOs are, on average, working 11 more hours than they’re contracted to work each week, with 10% working 20 to 24 hours extra a week. CISO Role increased strain impacts tenure of CISO, lower engagement with other executives, less capacity to drive his/her team. Crucial areas like hiring, customer communication, professional development get hindered and ignored.
- CISOs are overstretched (CISOs are, on average, working 11 more hours than they’re contracted to work each week)
- The staffing shortage and skill gap makes it harder, CISOs have to manage operations
- The ever-increasing threat landscape and solution landscape makes it harder to keep up and evolve infrastructure accordingly
- CISO Role increased strain impacts tenure of CISO, lower engagement with other executives, less capacity to drive his/her team. Crucial areas like hiring, customer communication, professional development get hindered and ignored
Our upcoming panel discussion on 'The Challenge Of CISO Burnout' is Friday, February 25, at 11:30 AM ET (8:30 AM PT). Register Here To Join
Causes Of Burnout
A CISO role need juggling of many hats. They need a strong technical background, understanding of organization goals and need to be strong communicators and have good leadership skills
They are often responsible for :
- Driving cybersecurity strategy
- Managing reporting, security infrastructure
- Understanding legal and regulatory considerations
Unrealictic Expectations Of Foolproof Security
An organization needs strong security procedures and detection mechanisms. However, there is no foolproofing.
Cybersecurity has become an area of interest of board of directors since security breaches are directly related to brand image loss and customer loss (not mentioning the finanacial implication that can be huge). And the CISO often becomes the scapegoat.
A Few Possible Solution Areas
- Cybersecurity Maturity Assessment. This gives a relative idea of where an organization's security weakness and strengths stand
- Frequent testing
- Frequent (if possible real time) attack surface testing
- Dark web assessment. This allows to be aware of any leaked data or sensitive data in the dark web
- Communicate clearly during stress. This allows for the CISO and the security team to discuss their issues. Management can allow for more relaxed times and breaks in the schedule to make the long hours efficient and not stressful
- Oragnizational culture shift : have realistic expectations (have acceptable levels of risk), encourage efficient working over longer hours & more
- Bump up and contribute towards security skill training. The talent shortae is reeking
In this panel, industry experts discuss the growing need for 'The challenge of CISO burnout'. CISO is an operation extensive role, it gets harder with the rapid evolving vulnerability and solution landscape along with industry-specific skill-gap. CISO Role increased strain impacts tenure of CISO, lower engagement with other executives, less capacity to drive his/her team. Crucial areas like hiring, customer communication, professional development get hindered and ignored
Can't make it to the live discussion ? You can still register to get the on-demand link post discussion.