Two in five Chief Information Security Officers (CISOs) have missed holidays like Thanksgiving due to work demands, a Tessian report reveals. In addition, one-quarter have not taken time off work in the past 12 months.
Beyond missed national holidays, the report reveals that CISOs work, on average, 11 more hours each week than they’re contracted to, while one in 10 works 20 to 24 hours extra a week. As a result of their stressful jobs, 59% of CISOs say they struggle to always switch off from work once the working day is over.
Cybersecurity incidents caused by human error drain resources
According to a separate survey, employee-related security incidents take up a significant amount of CISOs’ time. It reveals that security teams spend up to 600 hours per month investigating and remediating threats caused by human error – the equivalent of nearly four employees’ full-time workloads.
A quarter of security leaders said they spend between nine and 12 hours per month investigating and remediating each threat caused by human error, while more than one in 10 spend over a day. So it’s no surprise that 34% of CISOs reported spending excessive time on triaging and investigation.
In addition, 38% of CISOs believe they’re spending too much time in departmental meetings and reporting to the board on cybersecurity, while one-third also feel drained by administrative tasks. Similarly, 38% of CISOs report feeling that they are spending too little time on their own career development.
When asked to elaborate on what they are not spending enough time on, CISOs said: hiring talent for my team (36%), attending non-departmental meetings (38%), communicating to customers (35%), researching new industry updates and trends (36%) and working on my own career development (38%).
CISOs miss out on key calendar moments
Due to demanding day jobs, CISOs are missing out on important events and family holidays, and are even putting their health at risk by missing doctor’s appointments – something 44% of CISOs have experienced in the last year.
In addition, 42% of CISOs say they have missed a federal or national holiday like Thanksgiving or Christmas, and 40% have missed a family vacation due to work. One-third of CISOs report being unable to exercise regularly.
“There is this unfortunate trend of heroism in the security industry,” said Josh Yavor, Tessian’s CISO. “As security leaders, some of our most exciting stories include pulling all-nighters to defend the organization or investigate a threat. However, we often fail to acknowledge that the need for heroics usually indicates a failure condition and is not sustainable. Like any job function, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout.
“As leaders, it’s critical that CISOs are able to lead by example and to set their teams up for sustainable operational work. Heroics are sometimes unavoidable, but we should be accountable for ensuring they are not the norm.”
Automating security to free up hours lost to cybersecurity incidents
The ROI calculator shows that by using security solutions which automatically prevent threats caused by human error, like accidental data loss or phishing attacks, an enterprise with 1,000+ employees can save over 26,000 hours in a year by freeing up the security teams’ time and resources dedicated to investigation and remediation, policy management and security awareness training.
When asked what they would do with this time back in their schedules, the most popular responses from CISOs were spending more time with family and friends, looking for ways to innovate and improve business strategy, resting or sleeping, exercising and traveling.