October is Cybersecurity Awareness Month, and through our discussions with Chief Information Security Officers (CISOs) and research for our Cybersecurity Skills Gap report, it's apparent that the shortages of appropriately trained and skilled employees are contributing to feelings of stress and burnout for CISOs and other cybersecurity pros.
With this in mind, we felt this month was a good time to focus on health and wellness for cybersecurity professionals, and many credible sources agree. In fact, in early 2019, Forbes magazine published an article, “Cybersecurity Mental Health Warning -- 1 In 6 CISOs Now Medicate Or Use Alcohol,” indicating that addiction and other mental health issues among cybersecurity executives could be a crisis in waiting.
The role of a CISO is a highly challenging one, necessitating clarity of mind and stamina. In addition to performing and managing technical operations, CISOS must also be prepared for crises, manage staff workload, and continuously communicate with management concerning current and potential threats and risks.
Research Tells the Story
Statistics from a global study of 408 cybersecurity professionals found that:
- A third of CISOs thought that if a breach occurred, they would face an official warning or lose their jobs.
- 91% of the CISOs surveyed said the levels of stress they were suffering was moderate or high.
- 60% rarely disconnected from their work role
- 89% of U.S. based CISOs never had a two week break from their job
- Only 52% of CISOs felt executive teams valued the security team
Newer studies have revealed many of the same concerns. In January, 2021 IBM’s SecurityIntelligence report published the following findings from The Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) report, “The Life and Times of Cybersecurity Professionals 2020:”
- The skills shortage is getting worse
- Career guidance is lacking
- There is tremendous competition for the very few leadership positions which require management and business skills not often possessed by those who focus on technical skills
There are Solutions
With the awareness brought by these studies, we and others in the cybersecurity industry are doing our part to try to identify the reasons for these problems, and devise strategies to address them. Our own research and networking with clients, colleagues, and cybersecurity experts, corroborates the findings in these articles about why cybersecurity professionals often leave the industry, even as they are given greater management responsibility:
- Many believe their workload is too great vis-a-vis the rewards
- They feel that they have a lack of control and ability to make decisions
- There are often gaps between how entry-level professionals are trained, what they are expected to do, and what executives actually want and need.
Evolve Security offers several options for helping alleviate stress for CISOs and helping them with strategies to proactively manage their workload and responsibilities. Every day, we're working with businesses of all sizes that need cybersecurity expertise through our Managed Pentesting, Talent Solutions, Corporate Training, and Advisory services. If you are a CISO looking for guidance, or an executive looking for ways to take some of the pressure off your staff, contact us to see how we can help.
Thanks to Eve Gutmann, freelance writer, for contributing to this story.