It's beginning to look a lot like a cyberattack -- demands of the job hit CISOs' private lives
Two in five CISOs have missed holidays like Thanksgiving due to work demands and a quarter haven't taken time off work in the past 12 months.
A new report from Tessian based on a study of 300 CISOs also shows that they work, on average, 11 more hours than they're contracted to each week while one in 10 works 20 to 24 hours extra a week.
Given this level of stress it's no surprise that 59 percent of CISOs say they struggle to always switch off from work once the working day is over.
The demands of the job are taking a toll on personal lives -- 42 percent of CISOs say they have missed a federal or national holiday like Thanksgiving or Christmas, and 40 percent have missed a family vacation due to work. One-third of CISOs report being unable to exercise regularly and 44 percent have missed doctor’s appointments.
"There is this unfortunate trend of heroism in the security industry," says Josh Yavor, Tessian's CISO. "As security leaders, some of our most exciting stories include pulling all-nighters to defend the organization or investigate a threat. However, we often fail to acknowledge that the need for heroics usually indicate a failure condition and are not sustainable. Like any job function, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, it's critical that CISOs are able to lead by example and to set their teams up for sustainable operational work. Heroics are sometimes unavoidable, but we should be accountable for ensuring they are not the norm."
The report also shows that 38 percent of CISOs believe they're spending too much time in departmental meetings and reporting to the board on cybersecurity, while one-third also feel drained by administrative tasks. Similarly, 38 percent of CISOs report feeling that they are spending too little time on their own career development. When asked to elaborate on what they are not spending enough time on, respondents cite: hiring talent for my team (36 percent), attending non-departmental meetings (38 percent), communicating to customers (35 percent), researching new industry updates and trends (36 percent) and working on my own career development (38 percent).
The full report is available from the Tessian site.