US cybersecurity leaders are being put under increasing pressure to compensate for process gaps and tackle escalating threats, with many working the equivalent of six or seven days a week, according to Seemplicity.
The security vendor polled 300 CISOs and their equivalents to produce its State of the Cybersecurity Workforce Report.
It revealed that 45% of respondents work 11+ extra hours per week – equivalent to an additional day – and 20% work an extra 16+ hours weekly.
As a result, 44% said their role feels emotionally exhausting more often than rewarding, rising to 56% of C-level respondents.
A further two-fifths (43%) said they’re unable to take time off without creating a huge amount of stress upon their return.
Yet the vast majority (94%) claimed they would still choose cybersecurity as a career.
AI Is Changing the Nature of Work
Counterintuitively, the proliferation of AI in the enterprise appears to be creating more work for CISOs by accelerating the evolution of the role into something more business centric.
Some 85% of respondents said they feel more pressure to improve their communication, interpersonal and business skills as a result of AI adoption. And 82% report that people skills are more central to their success than they were five years ago.
“The findings suggest that the maturity of AI tools is moving the human center of gravity from execution to interpretation. As automated systems generate more outputs and handle more low-level remediation, cybersecurity leaders are increasingly responsible for resolving ambiguity, justifying trade-offs, and translating technical risk into business-relevant terms,” the report claimed.
“In this new environment, skills previously categorized as secondary have become operational requirements. The data confirms that as the speed and scale of automated decision-making increases, the requirement for human oversight and cross-organizational influence increases.”
Organizations and security leaders that fail to adapt accordingly risk creating a governance gap, “where automated tools operate without the necessary human-centric guardrails to align them with business goals,” Seemplicity warned.
Yoran Sirkis, CEO of Seemplicity, claimed the cyber workforce is hitting an inflection point.
“For years, the industry tried to solve every problem by adding more tools, more alerts, and more people,” he added.
“AI is changing that model. It’s forcing a shift toward smarter prioritization, clearer ownership, and leaders who can translate technical risk into business decisions. The organizations that thrive will be the ones that redesign the role around outcomes, not just activity.”