The pandemic has put a lot more stress on IT and Tech leaders because of the digital transformation that took place overnight and people continue to work from home. CISOs came top of the table as they are facing an incredible amount of pressure with this rapid change.
Burnouts and pressures are inevitable, we all must have experienced it in some capacity in our lifetime but the concern is about those who suffer the burnouts consistently in their roles.
Burnouts are not good; they can make it challenging for the person experiencing it to perform their day-to-day tasks. With the pandemic, things became worse and everyone felt an outstanding level of stress around the world, exacerbating existing mental health issues while also creating new ones.
The CISOs aren’t OKAY!
According to Nominet’s The CISO Stress Report, your organization’s CISO might be on the verge of a breakdown.
- 95% of CISOs are working beyond their contracted hours, on average by 10 hours a week (which equals ~$30k/year of unpaid work)
- 87% say working additional hours is expected.
- 23% turn to alcohol and medication to manage stress.
- 45% have missed family milestones or activities.
- 40% said their stress levels have impacted their relationship with family or children.
- 21% believe there are no support structures in place to deal with stress.
- 71% of CISOs say their work-life balance is heavily weighted towards work.
- ONLY 2% say they’re not able to switch off work mode during evenings and weekends.
- 97% of the C-Suite said that security teams could improve on delivering value for the amount of budget they receive.
The Daunting Disruptions
“Another one”, is what most CISOs say when they walk in their cabin, with the increase in the threat landscape and every breach being more and more sophisticated the pressure on CISO is increasing too. Many CISOs feel that they are not heard and the organization ignores their warnings, not just these CISOs are often excluded from business decisions or they are contacted very late when there is an urgent requirement.
Three major challenges that are making the storm worst:
- Today’s cybersecurity organization is severely underfunded, the budget is not in sync with the need. Very few organizations define their security budgets as a variable and contingent cost of doing business. As a result, CISOs often struggle to scale their efforts in the fast-evolving business initiatives.
- Regulatory compliance is an added responsibility for CISOs, the global compliance environment is becoming more complex with new regimes operating at regional and national levels worldwide, draining their precious time.
- Surprisingly CISO’s relationship with other leaders is not that good. To manage the cyber risk related to digital transformation, CISOs need to be involved at the earliest stages of business decision-making. But the relationships between the cybersecurity team and other functions in the business lack positivity, collaboration, and strength.
While it is an assumption in many organizations that the responsibility of security lies with the CISO alone, but we need to stop this assumption because security was and never will be one person’s thing. Cybersecurity is a collaborative approach, and security should be essentially baked into everything the organization does, therefore spreading accountability across the organization, which can help in lessening the pressure on CISOs.
What can we do?
Employees, partners, and customers will continue to expect services and transactions 24/7 as the threat surface will keep expanding, developing, and innovating. Cybersecurity is not just a technology challenge but also a human challenge. Attending regular cybersecurity training and learning not to click on the suspicious phishing link shared via an unknown email alias are simple steps that can immensely help security teams and take some pressure off the CISO.
CISOs hold a great deal of responsibility, which can be overwhelming, stressful, and even emotional at times. Organizations need to ensure that IT leaders especially CISOs are safe from stress and other mental issues the only way they can keep you safe from expanding threats. After all, their health and well-being are just as critical to an organization’s resiliency as its technology.
The organizations need to ensure that the CISOs have enough breathers during the never-ending battle against the threat actors.
Read about the 6 major attacks of 2021 Here.