CISO burnout is a serious issue, and through this discussion we try to find out its impact on organizations and individuals. The CISO role is operation-intensive and gruelling. In most cases, CISOs remain in an organisation for about 1 to 2 years. The role is associated with high stress levels and unrealistic organisational expectations. A study showed 90% of them were willing to take a pay cut for better work-life balance. The problem is further compounded by connected devices and the pandemic.

A study noted that the average tenure of a CISO is just 26 months due to high stress and burnout. The vast majority of interviewed CISO executives (88%) report high levels of stress, a third report stress-caused physical health issues, and half report mental health issues.

CISOs are, on average, working 11 more hours than they’re contracted to work each week, with 10% working 20 to 24 hours extra a week. The increased strain of the CISO role affects CISO tenure, lowers engagement with other executives, and leaves less capacity to drive the team. Crucial areas like hiring, customer communication, and professional development get hindered and ignored.

  • CISOs are overstretched (CISOs are, on average, working 11 more hours than they’re contracted to work each week)
  • The staffing shortage and skill gap make it harder; CISOs have to manage operations
  • The ever-increasing threat landscape and solution landscape make it harder to keep up and evolve infrastructure accordingly
  • The increased strain of the CISO role affects CISO tenure, lowers engagement with other executives, and leaves less capacity to drive the team. Crucial areas like hiring, customer communication, and professional development get hindered and ignored

 

Our upcoming panel discussion on 'The Challenge Of CISO Burnout' is Friday, February 25, at 11:30 AM ET (8:30 AM PT).

 

 

Causes Of Burnout

The CISO role requires wearing many hats. CISOs need a strong technical background and an understanding of organizational goals, and they need to be strong communicators with good leadership skills.

They are often responsible for:

  • Driving cybersecurity strategy
  • Managing reporting, security infrastructure
  • Understanding legal and regulatory considerations

 

Unrealistic Expectations Of Foolproof Security

An organization needs strong security procedures and detection mechanisms. However, no security is foolproof.
Cybersecurity has become an area of interest for boards of directors, since security breaches are directly related to loss of brand image and loss of customers (not to mention the financial implications, which can be huge). And the CISO often becomes the scapegoat.

 

A Few Possible Solution Areas

  • Cybersecurity Maturity Assessment. This gives a relative idea of where an organization's security weaknesses and strengths stand
  • Frequent testing
  • Frequent (if possible real time) attack surface testing
  • Dark web assessment. This makes the organization aware of any leaked or sensitive data on the dark web
  • Communicate clearly during stress. This allows the CISO and the security team to discuss their issues. Management can allow for more relaxed times and breaks in the schedule to make the long hours efficient and not stressful
  • Organizational culture shift: have realistic expectations (have acceptable levels of risk), encourage efficient working over longer hours, and more
  • Bump up and contribute towards security skill training. The talent shortage is severe

 


In this panel, industry experts discuss the growing challenge of CISO burnout. The CISO role is operation-intensive, and it gets harder with the rapidly evolving vulnerability and solution landscape along with the industry-specific skill gap. The increased strain of the CISO role affects CISO tenure, lowers engagement with other executives, and leaves less capacity to drive the team. Crucial areas like hiring, customer communication, and professional development get hindered and ignored.
