There’s no doubt that stress is one of the most common problems people are dealing with nowadays and, in most cases, it’s work related. For some of them, like chief information security officers (CISOs), for example, it can reach dangerous levels and affect their physical and mental health.
If you are a chief security officer, you know what I’m talking about. Luckily, stress is something we can all learn to handle.
As the number of worldwide cyber attacks keeps growing and people are more and more aware of what this means for their assets, including personal data, it’s absolutely normal for CISOs to deal with increased amounts of work, constantly being on the front lines.
According to a recent study, 9 out of 10 chief security information officers claim they are suffering from moderate to high stress caused by their job, while 60 per cent of them report that they don’t disconnect so often from all their responsibilities at work.
UK-based security firm Nominet questioned 408 CISOs from both the United States and the United Kingdom regarding their jobs and they way they are handling responsibilities and it was revealed that the average officer is responsible for a company with at least 8900 employees.
Considering these statistics, I think we can agree that we’ve reached a time when stress plays a part in the mental health decline of the modern chief information security officer. In fact, 1 in 5 never had a two-week break from their job, in order to truly disconnect from daily activities, while just 52% of CISOs believe that executive teams really value their department. Let that sink in for a moment.
Yet again, all these worrying numbers don’t necessarily mean that stress is a neverending problem for chief information security officers!
If you’re a CIO or CISO and are interested in finding out how to handle this issue, let’s take a few moments and talk about the main reasons why you may be feeling under pressure at work.
3 Reasons why chief information security officers are stressed at work
1. Technology can sometimes fail you
ITProToday claims that 66% of CISOs are concerned that the companies they are working for could fall victim to a cyber attack or even data breach, while 60 percent of them believe that these concerns grow with each year.
And that’s not all.
65% of all respondents said that credential theft is one of the biggest issues, while 60% believe that IoT devices, no matter how innovative they are, can be considered one of the most challenging disruptive technologies, in terms of security.
And, of course, mobile devices are another big reason to worry, according to 54% of the respondents.
2. Workloads bigger than they can handle
One more reason why chief information security officers (CISOs) are increasingly stressed at work is the amount of time they actually spend at the office.
The same survey mentioned earlier from Nominet, reveals that the regular 40-hour workweek is definitely a rarity among CISOs. To be more specific, 20% of them admitted to being available on an around-the-clock basis, in case “something happens at the office”.
Almost 9 in 10 CISOs based in the United States usually take short breaks from work, never for two weeks or more at a stretch, which would allow them to completely disconnect and rest.
3. Lack of skills among the staff
It’s not a secret that a cybersecurity skills shortage significantly affects infosec professionals. 70% of them said that this shortage had an impact on their organization, increasing the workload on the existing staff.
This skill shortage created a situation in which the infosec staff ends up spending a disproportional amount of time trying to find a solution for high-priority issues, but also incident response. Basically, this means even more stress for CISOs at the workplace, starting with the very first hours of their work days.
As a side note, the cybersecurity skills shortage we’re talking about can be considered a real existential threat, as we tend to share a lot of data to a lot of organizations. And if the security of our information is not guaranteed, then we are dealing with a continuously growing problem.
Chief information security officers dealing with fatigue is a real concern. A first step towards remedying the situation could be to attract more experienced people to this industry, that can support CISOs’ efforts. Universities are doing great progress in offering appropriate courses, but there’s still a long way to go.
Better sourcing and more direct training could make sure that companies end up with very well-prepared professionals.
However, it’s not just about knowledge.
Organizational stress should be acknowledged as a real problem of CISOs, as this poses a real problem to an employee’s well-being, affecting their productivity, vigilance and overall performance. Therefore, a cultural change is needed at board level.
Cybersecurity should be classified as a strategic, business-critical function within a company, and have a proper seat at the table. When this happens, the amounts of stress CISOs are currently dealing with might actually start decreasing.