Nominet research suggests that businesses get $30k (£23k) ‘free’ CISO time while impact of stress on mental health doubles in 2020. CISO’s say they’d forfeit $10k (£7.5k) of salary for a better work-life balance, while 97% of the board says they want CISOs to deliver even more value.
CISO stress remains high and it is taking a greater toll on their personal lives and mental health, with stress levels for the latter doubling year on year. The board’s understanding of these pressures appears to be increasing, but this hasn’t translated into action.
Work stress is impacting CISO health and damaging relationships
The vast majority of CISOs remain moderately or tremendously stressed. However, this stress is now taking a greater toll on CISOs’ mental and physical health, and their personal relationships, most worryingly with their partners and children. To combat this, even more CISOs are turning to medication or alcohol to deal with it, which in turn is negatively affecting their ability to carry out their duties. These are no doubt contributing factors to burnout and the shortening amount of time CISOs are spending in their roles.
Insight from Industry Leaders
Overworked CISOs would sacrifice salary for better work-life balance
It transpires that almost all CISOs are working beyond their contracted hours, on average by 10 hours per week. Even when they are not at work many CISOs feel unable to switch off. As a result, CISOs reported missing family birthdays, holiday, weddings and even funerals. They’re also not taking their annual leave, sick days or time for doctor appointments, contributing to physical and mental health problems.
Revealingly, the vast majority of CISOs said they’d take a pay cut if it improved their work-life balance. On average, CISOs said they’d be willing to give up a portion of their wage equating to $9,642 (£7,475) per year.
Insight from Industry Leaders
More support needed from the board
So where does the C-Suite sit in all this? The findings indicate that the board does take security seriously, with almost half revealing that cyber security is a “great” concern to them. They are actually more likely than CISOs to think that cyber threats are a “high” or “very high” risk to their business.
They are also aware of the high-pressure nature of the CISO’s job, with three quarters saying they believe their security team to be moderately or tremendously stressed. That said, many still hold the CISO responsible for a breach and expect them to deliver more value to the business.
Research into the attitudes of the board shows that they understand the risk of cyber crime to their organization and they even appreciate that the CISO is placed under considerable stress to combat this risk. However, this awareness has clearly not translated into support for the CISO. Until this stress is relieved, the CISO’s ability to deliver value to the business will be diminished as their ability to do their job is hampered and they quickly become burnt out.
The role of the CISO can be improved by a better working relationship with the board. It’s therefore important that the C-Suite recognize that improving the CISO’s working life can only have positive outcomes for the business. With a strong and empowered CISO at the head of their security team, organizations will face less risk, be better protected, be more able to deal with a security breach when it hits and ultimately become safer from cyber crime.