Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

One year on: CISO stress shows no signs of abating

Acorn Newsbot

Junior Member
Joined
Jan 28, 2006
Posts
22,606
Reaction score
126
If either of my sons expresses an interest in a cyber security career, I will be hoping that the current pressures on the CISO will have alleviated by the time they are old enough to take on the challenge. Despite the noticeable impact of Nominet’s alarming statistics in early 2019 about CISO stress levels – which continues to resonate closely with CISOs who themselves have spoken out – the situation has not improved.

In fact, CISO stress levels remain high and the negative consequences for their mental and physical well-being – not to mention their ability to carry out their job – are worsening. It is not the trend we hoped to find when we set out on our latest research, The CISO Stress Report: Life Inside the Perimeter, One Year On.

The one saving grace is that the findings provide more clarity on a situation that could become critical; as we increasingly digitalise and connect our world, cyber attacks gain greater potential to cripple businesses. In addition to speaking to 400 UK and US-based CISOs working for large companies, we also reached out to 400 C-suite executives for their views on the challenges faced by their head of cyber security. The aim was to see if beliefs and action tallied, hopefully identifying the pain points that are contributing to a working environment that could soon become intolerable, if it hasn’t already.

The top line is that almost one in nine CISOs (88%) consider themselves to be under moderate or high levels of stress. While this represents a small decrease from 2019 (91%), the impact on their mental health has doubled year on year, now up to a worrying 48%. Also, one in four CISOs report that stress has affected their relationships with partners and children, a statistic of little surprise when we discover that many CISOs admit to avoiding taking vacations and are missing important family events like birthdays, weddings and even funerals due to the demands of their job.

It’s sobering reading, but stats like these do need context. Anyone working at a high level in a big company must carry a weighty responsibility, which can cause stress. That said, some of this could be mitigated if there was more harmony between the C-suite executives’ expectations and understanding of the role, and the reality for their CISO on the ground. And it matters, because 31% of CISOs feel their stress levels are affecting their ability to do their job.

What do the C-suite think? While they recognise the stressful position their CISO is in, 78% of them agree that their head of cyber security is extra hours (on average, the CISO works 10 hours a week overtime) and 97% believe the security team could improve on delivering value for money for the budget they receive.

Expectations are high, and pressure is compounded by the lack of understanding of cyber threats and the landscape in which a CISO is working. Around a quarter (24%) of CISOs say that their board doesn’t accept that breaches are inevitable, despite this having become a widely acknowledged fact by experts in the field, and a fifth (20%) of CISOs expect to be fired even if they weren’t directly responsible for an incident. Indeed, the average tenure of a CISO is just 26 months, which, you could argue, could open a business to greater risk if longer term depth of knowledge around a businesses’ processes and systems to thwart vulnerabilities is not established.

How do we start to change this? As with so many tension points in business, better communication can have an immediate effect. A steady flow of information about security to the C-suite will help them better understand the situation, allowing CISOs to communicate their concerns and advice in the context of a broader analysis of the business’ security posture.

Ensuring cyber security is a regular feature at board meetings can help deepen understanding, which can in turn fuel better processes and practices. Hopefully that wider awareness and incremental knowledge will drive boards to fund more staff training and consider allowing more budget to support this key and core aspect of the business. This is something the CISOs are crying out for.

Eventually, these tweaks will start to positively impact the culture of the wider organisation, creating a working environment that is more supportive and collaborative, rather than combative and pressurised. As our own CISO, Cath Goulding, often tells me, cyber security is a team game that we all need to play together if an incident is to be avoided. Cath isn’t shirking from her responsibility, but is helping me to understand that cohesion and team work are vital to keep a company secure, because every single individual can pose a risk. It follows therefore that no single individual can bear the blame.

While our report uses the CISO as a springboard, this issue is about so much more than the wellbeing of one employee. Boards and C-suite executives – the people with the true power in a business – need to recognise that the measures that would improve the wellbeing of the CISO would concurrently raise the security posture of their whole organisation. A stressed CISO is not going to be doing their best work, and a fractured business is not going to be proactively cyber secure. This could result in the cyber attack – when it comes – being terminal. In digital times and against technological foes, we sometimes need to be better humans to keep ourselves and our businesses secure.

The post One year on: CISO stress shows no signs of abating appeared first on Nominet.

Continue reading...
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Members online

No members online now.

☆ Premium Listings

Sedo - it.com Premiums

IT.com

Premium Members

Acorn Domains Merch
MariaBuy Marketplace

New Threads

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Laskos
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
  • Helmuts @ Helmuts:
    please
    brave_qptn86fptt-png.4616
  • D AcornBot:
    DLOE has left the room.
  • Helmuts @ Helmuts:
    also, please keep the restriction in regards to posting > posting permission should be available to members only
  • Daniel - Monetize.info @ Daniel - Monetize.info:
    Welcome everyone!
  • Helmuts @ Helmuts:
    @Daniel - Monetize.info
    chrome_8fedcfysiy-png.4617
    .. can you see this one?
  • Helmuts @ Helmuts:
    nice, isn't it? :)
  • alan AcornBot:
    alan has left the room.
    • Wow
    Reactions: Jam
  • alan AcornBot:
    alan has joined the room.
  • alan AcornBot:
    alan has left the room.
  • alan AcornBot:
    alan has joined the room.
  • Helmuts @ Helmuts:
    Hi Alan
  • Helmuts @ Helmuts:
    long time no see
  • Helmuts @ Helmuts:
    hows parachute doing?
  • Helmuts @ Helmuts:
    :) huhhh.. Joe Rogan has just published an interview with Donald Trump
    To view this content we will need your consent to set third party cookies.
    For more detailed information, see our cookies page.
  • Helmuts @ Helmuts:
    almost 3 hours..
  • Helmuts @ Helmuts:
    morning all :)
  • Helmuts @ Helmuts:
    .. is anyone going to domain day in Dubai or icann Turkey?
    • Like
    Reactions: gdomains
  • boxerdog AcornBot:
    boxerdog has left the room.
  • Helmuts @ Helmuts:
    Greetings from Istanbul, Turkey!
  • alan AcornBot:
    alan has left the room.
  • C AcornBot:
    cav has left the room.
  • BrandFlu AcornBot:
    BrandFlu has left the room.
      BrandFlu AcornBot: BrandFlu has left the room.
      Top Bottom