CISOs are highly-driven to protect their companies at all costs – often to the detriment of their own health. Alicia Buller looks at ways to ease the load of the nation’s most stressful job
For the first time, in 2022, exec search firm Heidrick & Struggles’ included a new question in its Global Chief Information Security Officer Survey: “What are the top personal risks you face in your role?”
Burnout and stress came out on top. In Europe, respondents shared that stress related to the role (54%) and burnout (35%) is driving higher staff turnover and causing distraction within teams. As pressures mount and leaders leave their roles, the median CISO cash compensation rose 4% to £318,000 in 2022, up from £306,000 in 2021.
Guy Shaul, principal at Heidricks & Struggles, comments: “CISOs are aware that there is more and more personal liability – they feel on the hook for that liability.”
According to Shaul, the CISO community is generally under crushing pressure. While the problem is hard to quantify, it’s likely that the issue of burnout may be putting people off leadership positions, he says.
Anthony Young, co-CEO of Bridewell, says most organisations are struggling to recruit cyber talent – despite the growing post-pandemic attack surface. “Organisations are fighting for talent at the moment, which makes it even more important to spot the signs of burnout in your teams.”
Young adds: “CISOs always have one question in the back of their mind – ‘What happens when the worst happens?’ As you can imagine, that thought can keep you awake at night. It’s like hitting your head against a brick wall. The more you know about cyber risks, the more you start to see the risks and want to fix them.”
How do you spot burnout? According to Young, it can be difficult to spot burn out because everyone reacts differently.
“You could have someone who has been really engaged and then you start to see that disengagement over time. They may start to reduce the amount of exercise they are doing. They may neglect their self-care routine to work. You’ll see their work-life balance going the wrong way. They become irritable, tired… working too many hours,” he says.
James Lyne, CTO of SANS Institute, adds that CISOs tend to be highly committed to the job – sometimes to a “pathological” degree.
“They take it personally when something slips. I love that passion, but sometimes it lacks boundaries and morphs into an unhealthy desire to succeed.”
Lyne says to watch for those CISOs who work long hours and enter a spiral of exhaustion. “Look out for that team that “runs hot and continuously runs hot”, he adds.
Lyne advises that managers block out reflection time for their teams, “force it, make it happen”.
The CTO also recommends personal development training. “Get your team on an appropriate roster. Get them to take a week to reflect and create a policy around it – it can be incredibly powerful for regrouping and finding new ways to work.”
Lyne adds that it’s vital to create an environment where the team is comfortable saying they are struggling. “It requires purposeful effort. It’s about choosing to care and choosing to retain your staff.”
Jasmine Eskenzi, founder and CEO of The Zensory – an immersive ‘sense hacking’ platform designed to increase focus, performance and recalibration – comments: “As stress mounts for cybersecurity professionals, their ability to focus on their job, remain calm and stay aware of potential threats, decreases. This is due to something called an amygdala hijack; when our brain is under high stress, it goes into fight or flight mode and our clear-thinking brain (prefrontal cortex) can't function properly.
“The high levels of stress are not only damaging our health and relationships, but are literally preventing us from thinking clearly, making us incredibly vulnerable targets for oncoming security threats too.”
Eskenzi adds: “It's not surprising that burnout is so high when we look at the increasing threat landscape. The current technological skills gap doesn't help as there is frequently too much work for too few people, who can feel like the world is resting on their shoulders.”
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.