Employee well-being has become a primary focus for many businesses. Even before the pandemic, the C-suite was acutely aware of how employee mental health impacts business outcomes.
But for cybersecurity professionals, stress has always been a part of the job.
A new survey revealed that one of the most concerning aspects of employee mental health is how it impacts cybersecurity programs and, more broadly, a business' ability to protect itself from cyberattacks. CISOs and their teams appear to be taking the brunt of unmitigated work-related stress levels and it's affecting the entire organization.
CISOs at small to midsize businesses with teams of five employees or fewer were surveyed to better understand how work-related stress is impacting CISOs – from their ability to do their job and lead their team to how it's affecting their own professional outlook and personal life.
Here's what the survey results revealed.
The Impact of CISO Work-Stress Levels on Small to Midsize Businesses
Among the CISOs surveyed, there was a distressing number of respondents suffering from work-related stress. According to the report, 94% of CISOs reported being stressed at work, with 65% confiding that work-stress levels compromised their ability to protect their organizations. More than 70% of the CISOs surveyed believed their stress levels were higher than their colleagues in other areas of the business.
Unfortunately, CISO stress levels were not confined to the leadership role. Employee burnout is spreading like wildfire across security teams. Increased workloads are affecting all levels of the department, creating high churn rates while simultaneously hampering recruitment efforts. Nearly three-quarters of the CISOs surveyed said they had employees quit during the past year because of stress – with 47% reporting more than one employee exiting their role.
The rise in churn rates is leaving CISOs with a limited pool of candidates, underscoring the current talent shortage that is happening across the cybersecurity space. When asked about their hiring process, 83% of CISOs said they have had to compromise on candidate selection – hiring employees who lacked necessary skills and capabilities.
CISOs on the Job: Why So Many CISOs Are Reconsidering Their Role
Today's economic climate is having a major impact on cybersecurity departments. Reduced budgets, hiring freezes, and lack of resources are all leading to untenable workloads for CISOs and their staff. In fact, 38% of CISOs reported they are considering or actively searching for a new job.
The reality is that security teams are inundated with alerts – required to manage an overwhelming number of cybersecurity threats coming from all directions. The surge in work responsibilities is putting a spotlight on cybersecurity program gaps with many outside of the IT department questioning the safety of the organization. Nearly 80% of CISOs surveyed said they had received complaints from their bosses, colleagues, or subordinates about how security tasks were being handled.
Consequently, 93% of CISOs say they are spending more time than they should on tactical tasks (versus strategic high-quality work). It's a vicious cycle: the lack of appropriate headcounts and resources lead to CISOs managing too many tedious, redundant work tasks which result in less than satisfactory security outcomes – opening the door to high-stress work environments.
CISOs at Home: How Work-Related Stress Is Impacting Their Personal Life
Anyone who has ever held a job knows it's difficult to leave work-related stress at work. But for CISOs, it's especially difficult to manage a healthy work-life balance because of the critical and immediate nature of their work responsibilities.
According to the survey, a whopping 84% of CISOs said they had postponed or canceled a vacation because of an urgent security task – 11% report this has happened four or more times during the past year. Work fatigue has caused 64% of CISOs to cancel a private event and 77% of the CISOs surveyed claim that work-related stress is impacting their physical health.
The survey makes clear how CISO stress levels are impacting every part of their life; meanwhile, cybersecurity threats continue to grow at an alarming rate.
How Businesses Can Help Reduce CISO Stress Levels
The mental health of your employees impacts every facet of the business. According to a report from the MIT Sloan Management Review, "Organizations outperforming their peers are those that have cultivated a strong sense of empathy and flexibility, developed new skills to address workforce needs, and extended holistic mental health support to employees."
A stressed out security team is not operating at full capacity, missing key threats and leaving the organization vulnerable to attacks. It stands to reason that improving work-related stress levels for CISOs – and their staff – has a direct impact on the business' cybersecurity efforts. But what deliberate steps can businesses take to reduce work-related stress levels?
For starters, 100% of CISOs said they need additional resources to cope with security challenges, including automation capabilities, better training opportunities, and the ability to outsource tasks. More than half of the CISOs surveyed want the ability to consolidate security technologies on a single platform – a move they said would directly impact their work life, helping to lower stress levels.
Ultimately, businesses that fail to address CISO stress levels are putting their company at risk. It is impossible to prioritize cybersecurity initiatives without taking into account the mental health of the teams that manage it. Protecting your CISO's well-being is the first step to protecting your business.
To find out how you can reverse rising CISO work stress levels and better protect your business, download Cynet's full report now: 2023 Implications of Stress on CISOs 2023 Survey.