Overworked CISOs May Harm Organizations’ Overall Security
Businesses must prioritize reducing the stress levels of their security teams to retain talent and keep their organizations secure.
A new study found that 94% of chief information security officers are pushed to the limit, which may in turn harm organizations’ overall security posture.
Cynet, an extended detection and response vendor, surveyed 200 CISOs about their stress levels, coping strategies, and how their stress might affect the security of their organizations. The survey focuses on CISOs working in small to midsize companies across industries with anywhere from 500 to 10,000 employees and a security team of five people or less.
Security Staffing Issues
All CISOs reported that they need more resources to cope with the daily IT and security challenges they face.
The urgency to hire and onboard new employees only adds to the stress CISOs face. Seventy-four percent of survey respondents said they lost team members due to work-related stress. Forty-seven percent reported that more than one team member has quit during the last 12 months.
Given their large workloads, increased needs, and gaps in their teams, many CISOs feel that they have no choice but to hire employees despite lacking the right skills. Eighty-three percent acknowledged that they have had to make concessions in their hiring selections.
Stress-induced Security Gaps
When CISOs are overtaxed, security gaps are likely to occur.
Seventy-seven percent reported that important work initiatives have suffered due to limited bandwidth, while 79% said that they’ve had complaints from their board, colleagues, and employees about the effectiveness of their work.
Moreover, 66% of respondents admitted that their stress levels affect their ability to enact crucial security measures for their organization, making the strain on security teams a critical concern for an enterprise’s overall success.
Cynet also asked respondents if they were spending most of their time and energy on tactical tasks or strategic tasks. The survey found that 93% believed they were spending more time on tactical and operational tasks than they should, which implies that they are likely not keeping pace with the rapidly shifting threat landscape.
A Toll on Personal Lives and Health
Stress is also having detrimental effects on CISOs outside of work, affecting their family lives, social engagements, vacations, and mental health. Eighty-four percent of CISOs reported that they have canceled at least one vacation due to an urgent work issue.
Impact of Work Stress on Health-related Issues
The consequences of prolonged stress can have lasting impacts on physical and mental health, including nutrition and sleep. With about 91% of CISOs consistently working more than 40 hours per week, 64% said they regularly miss social events (events that might ease their stress) due to fatigue. Their stress extends to their families, as well, with over half of respondents reporting that work stress has made them lose their temper in front of loved ones.
What Can Organizations Do to Ease CISO Stress?
When asked what actionable improvements might mitigate their stress levels, most CISOs didn’t point to increasing the headcount of their security teams. Instead, 45% indicated they needed more automated tools. In addition, 41% of CISOs said that better training would reduce their stress level, while 40% said outsourcing some of their responsibilities would help. Another 40% said they needed clearer direction from management.
How Can Organizations Reduce Stress Levels at Work
In terms of technology, most respondents (57%) said needed consolidated security technologies that they could access through a single platform or interface. Fifty-one percent said they needed automation of time-consuming, repetitive manual tasks, and 50% indicated they needed additional protection technologies. Forty-nine percent said they needed access to expert cybersecurity guidance and recommendations.
The Bottom Line
Cybersecurity has become the top priority for many businesses, resulting in large investments and increased scrutiny. As a result, many CISOs believe the success of an enterprise rests on their shoulders. Cynet found that 71% of CISOs believe their jobs are more stressful than that of their coworkers.
The bottom line is that secure and efficient businesses run on the power and guidance of healthy employees. Businesses must prioritize reducing the stress levels of their security teams, not only to retain talent but to keep their organizations secure. Overextended security teams make organizations more vulnerable to security threats, while at the same time prevents CISOs from prioritizing initiatives and technologies that might ease burdens and lessen workloads in the future.
Read more about:
Risk ManagementAbout the Author
You May Also Like