1 in 3 CISOs Fears Losing Job
A new study of CISOs in the U.S. and U.K. reveals skyrocketing workplace stress among these executives.
While few will be surprised to hear that stress levels at the top run extraordinarily high, it’s shocking to learn that 91 percent of CISOs surveyed report suffering physically or mentally from stress. Part of the reason may be that 60 percent say they can never turn their mind away from their work responsibilities. Despite near constant attention to the security of their companies, one-third say they feel no security for themselves and actually fear losing their job.
The study was conducted by Osterman Research and commissioned by U.K.-based Nominet, which has run the .UK domain name registry for more than 20 years, handled wireless spectrum management, and provided cybersecurity for the U.K. government and other clients. Nominet has announced it will launch in North America on March 1.
CISOs’ fears of pending job loss center partly on specific threats. Seemingly proof that the stuff of their nightmares is “out there” hidden but harming the company, is the unsettling fact that nearly seven in 10 CISOs have already discovered malware hidden on their networks and that it has been there “for an unknown period of time.”
Most CISOs feel there isn’t much more they can do to further secure their companies or their own jobs. More than half (57 percent) say their budgets and resources are too limited to effectively deal with the growing threat landscape.
They also feel they aren’t likely to see more money and resources allocated for their teams. Only about half (52 percent) of CISOs feel they and their security teams have executive buy-in and respect, and almost on in five (18 percent) believes their board members are indifferent to the security team or find them to be an inconvenience. The responding CISOs said that a lack of senior buy-in is an prevailing issue, with 65 percent claiming it’s a barrier within their organization.
Indeed, CISOs might indeed be living on borrowed time. The researchers discovered that less than one-third of CISOs keep their job for more than three years.
While 60 percent of CISOs believe that their CEO/president agrees a breach is inevitable, nearly one-third (32 percent) expect to either lose their jobs or get an official warning or reprimand if a breach occurs. The situation is even more dire for CISOs in the U.K., where 37 percent believe they would get a warning or be fired. Only 28 percent of CISOs in the U.S. believe that to be the case.
Combined, these pressures are the likely causes behind 17 percent of CISOs admitting to using medication or alcohol to cope with stress.
“It is of paramount importance that we address organizational stress and extra emphasis ought to be paid to CISOs. As a group of employees, they are faced with overwhelming pressure. Errors in their judgment, caused by excessive work-related stress, can indeed have detrimental effects upon business and personal data,” said Dimitrios Tsivrikos, a business psychologist and lecturer at University College London.
MSSPs may also be invaluable in relieving CISOs of some of these pressures. For example, the added resources can aid with shortfalls such as in security talent and outdated technologies. While not a panacea, MSSPs can become a valuable partner by providing services that address the CISO’s most prevailing concerns.