UK and US CISOs are facing burnout as they struggle to cope with escalating cyber-threats, insufficient budgets and a lack of engagement from the board, according to Nominet.
The DNS security provider commissioned Osterman Research to poll over 400 security bosses on both sides of the Atlantic for its report, Life Inside the Perimeter: Understanding the Modern CISO.
It found that the stresses of the modern role are increasingly taking their toll on CISOs’ personal and professional lives.
Almost all (91%) respondents said they suffer moderate or high stress, with 60% saying that they rarely disconnect from their job — that’s despite most (88%) already working over 40 hours per week.
Part of this stress is caused by the pressure of keeping threats at bay: 60% of respondents admitted to finding malware which had been there for an unknown period of time. Nearly a third (32%) said that they’d lose their job or receive an official warning in the event of a breach.
However, a large part of the stress CISOs feel they’re under appears to stem from the attitudes of the board.
Only half (52%) said executive teams value the security team from a revenue and brand protection standpoint and nearly a fifth (18%) claimed board members are indifferent to, or see them as an inconvenience.
These findings chime somewhat with a Trend Micro study from 2018 which found that 43% of global organizations view security as an afterthought in IoT projects and only 38% even consult the CISO at all when deploying solutions.
Nearly two-thirds (65%) of the CISOs Nominet polled claimed this lack of engagement with the board was a major challenge. It may also explain why just 43% claimed they have sufficient budget to tackle current threats.
As a result of these factors, the pressure is reaching boiling point for many.
Over a quarter(27%) of CISOs polled said stress is impacting their mental or physical health, while 23% said the role is damaging their personal relationships. Even worse, 17% admitted they had turned to medication or alcohol to deal with workplace stress.
“CISOs around the world are facing mounting pressures amid a rapidly shifting cyber landscape. Criminals are forever finding ways to exploit vulnerabilities, and do not discriminate against the businesses they attack. Everyone is a target,” argued Nominet CEO, Russell Haworth.
“It’s no surprise that CISOs are facing burnout. Many lack support from within their organizations, and senior business leaders need to face the facts: the threats are real, and CISOs need to be given the resources and support to tackle them. If not, the board must face the consequences.”
Just last month, the newly appointed first CISO of NHS Digital resigned only three months into the job, citing personal reasons.