94% of CISOs Face Work-Related Stress, Leading to Retention Snags

February 28, 2023 - According to the "Implications of Stress on CISOs 2023 Report" by Cynet, security teams are facing retention snags due to the elevated levels of work-related stress experienced by their chief information security officers (CISO).

To gain insight into the impact of work-related stress and mental health on the professional and personal lives of CISOs at small to midsize businesses, Cynet conducted a survey among those with security teams comprising no more than five employees.

The recent survey results indicated that an overwhelming 94 percent of CISOs reported being stressed at work. CISOs are working an average of 43.1 hours per week. However, this figure does not account for impromptu duties like checking emails or responding to brief inquiries from team members outside of regular working hours. On the higher end, 7 percent of the surveyed CISOs stated they work between 50 and 59 hours per week.

Of the respondents, 65 percent stated that work-related stress issues affected their capacity to safeguard their organization.

The survey found that 77 percent of CISOs believed that their insufficient bandwidth and inadequate resources have caused critical security initiatives to be neglected. What’s more, 79 percent of these CISOs have received complaints from board members, colleagues, or employees claiming security tasks are not being adequately handled.

Meanwhile, all the CISOs surveyed expressed the need for additional resources to effectively manage current IT security challenges.

Insufficient resources and capacity are affecting not only CISOs but also their teams. Of the surveyed CISO teams, 74 percent reported losing team members due to work-related stress issues.

Nearly half of the teams had more than one CISO resign over the last 12 months, according to the report. The impact of stress levels is seen in retention rates and recruitment efforts, with 83 percent of CISOs admitting they have had to compromise on the quality of new hires to fill vacancies left by departing employees. Even though 19 percent say that they have only done this once, 46 percent admit to doing it sometimes, and 19 percent said they are doing so frequently.

“The well-known cybersecurity talent shortage is real. Given today’s sophisticated threat landscape, filling roles with an inexperienced or less competent staff is a recipe for disaster,” the report stated. “However, CISOs may feel they have no choice.”

 Over a third of the CISOs surveyed stated they are actively seeking or considering a new role.

When asked about the technology initiatives that could positively impact their work-related stress levels, 57 percent of the respondents cited consolidating multiple security technologies on a single platform or interface as a possible solution. Additionally, 51 percent of the respondents believed automating time-consuming and repetitive manual tasks would be helpful, and 50 percent suggested that adding additional protection technologies could make a difference. Furthermore, 49 percent of the respondents expressed that access to expert cybersecurity guidance and recommendations could reduce their stress levels.

Jefferson Health and other organizations are relying on technology, investing in entry-level talent, and lowering entry barriers for those aspiring to be cybersecurity professionals. These initiatives have helped address some challenges caused by the limited cybersecurity workforce, retention issues, and recruitment obstacles.