Estimated reading time: 2 minutes, 15 seconds

Cybersecurity Execs Still Suffer from High Stress

Tuesday, Feb 25 2020
Cybersecurity
Written by  Security Tech Brief Staff

A new report finds that, just like last year, top cybersecurity pros are reporting high degrees of stress that are affecting their work and personal lives.

stress 391654 640smallUK domain name seller Nominet has released its second annual study on chief information security officers and their burnout levels. It is based on a survey of 800 CISOs and executives from large companies in American and Britain. According to the results, 88% of CISOs reported feeling “moderately or tremendously” stressed, down just slightly from 91% a year ago. The share of CISOs who said work stress has had a negative effect on their mental health doubled from 2019, to 48%.

This year, the survey also asked CISOs about their personal lives. Among respondents, 40% said their stress levels had affected their relationships with their family or children.

As Nominet notes in its report, such data requires context. “Anyone working at a high level in a big company must carry a weighty responsibility, which can cause stress,” Nominet CEO Russell Haworth writes. “That said, some of this could be mitigated if there was more harmony between the C-suite executives’ expectations and understanding of the role, and the reality for their CISO on the ground.”

Among C-suite respondents, 78% of them recognized that their CISOs are working extra hours. Still, 97% said they thought the security team could do a better job of providing value for the money. All of this relates to the survey finding that the average CISO tenure is 26 months, up slightly from 18 to 24 months in last year’s report.

How can CISOs lessen their anxiety in the year ahead? David McLeod, CISO for Atlanta conglomerate Cox Enterprises, tells Forbes.com that training employees about security risks and preparing to recover from an all-but-inevitable breach should be the top priorities for 2020. McLeod also recommends making an effort to streamline existing security systems and finding a cost-effective way to adapt to increasing regulation.

Vivek Khindria, CISO for Canadian food retailer Loblaw Companies Limited, agreed about the importance of training. “We need to teach everyone about the business’s risk appetite, and then train them on security principles,” Khindria told Forbes.com.

Along with training, Greg Jensen, who is senior principal director of cloud security at tech giant Oracle, recommends automating tasks such as patching software. “Automation is the only way that we’re able to get ourselves out of this conundrum," Jensen told Forbes.com.

A separate report (PDF), by network security consultancy Critical Start, acknowledges that the stress isn’t limited to the top cybersecurity job at a company. Based on a survey of 50 security operations centers in the second quarter of last year, Critical Start finds that “SOC analysts continue to face an overwhelming number of alerts each day.”

Read 3302 times
Rate this item
(0 votes)
More in this category: « Equifax Data Breach: What China’s Role Means Spending Increases Not Sufficient to Curb Breaches: Surveys »

Visit other PMG Sites:
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline