
CISOs Are Burning Out: Here’s How to Fix It

Brian Thomas | August 1, 2019

Everyone experiences stress in their jobs, but security leaders may have it worse than most. According to Dark Reading, 60% of CISOs admit they rarely disconnect from work, while 88% work more than 40 hours per week. It’s no surprise that 51% of tech executives experience stress-related illnesses as a result of cyberattacks, tech outages, and breaches – a number that increases to 56% among CTOs and CIOs.

That’s because when today’s CISO goes to work, they face huge pressure to keep their organizations secure. Should they fail, the consequences are significant. Aside from the privacy concerns of users, cyberattacks have huge financial ramifications. The average cost of a cyberattack soared to $4.6 million per incident in the first half of 2019. Each minute data is inaccessible, or a system is locked down by malware, organizations stand to lose money. Plus, no one wants to be the one to preside over the next massive data breach.

To complicate matters, despite the plethora of available security monitoring and protection tools, CISOs often feel they have little control over the probability of a cyberattack happening and are overwhelmed and even chastised when it does. CIO Dive reports that 45% of executives say they’ve experienced online or verbal abuse in connection with cyber incidents, while Dark Reading suggests a link between the stress and constant urgency of the job and the average tenure of a CISO (18 to 24 months). Compare that to the average tenure of a CEO (8.4 years), CFO (6.2 years), and COO (5.5 years).

Managing the burnout 

Common principles of stress management recommend boiling the source of stress down to its simplest elements, writing down everything you need to do, and prioritizing deadlines. Once you know what you’re dealing with, you have a newfound sense of order and direction. If you are still struggling to get motivated, check off the easiest stuff first.

In the land of cybersecurity, things are a little different. Being in a constant reactive mode of responding to and prioritizing continually evolving and increasingly sophisticated threats takes its toll. There’s no easy button to press; no deep breathing exercise that can help. To further compound stress levels, CISOs lack visibility into their organization’s security exposure, particularly across their increasingly interconnected supply chains. How do you check off and fix the security risks that matter most to your organization if you don’t know what they are?

Instead of playing a game of whack-a-mole with cyber threats, CISOs can take proactive steps to measure cybersecurity performance and risk using tools like security ratings.

Security ratings can change the way CISOs approach risk management by allowing them to simplify their understanding of threats and take a more proactive stance toward cybersecurity. Security ratings automatically monitor the security status of your organization, third-party vendors and suppliers, and even M&A targets for vulnerabilities and risk vectors on a continuous and global basis. These easy-to-understand ratings provide real-time insights that allow CISOs to see exactly what they’re up against and prioritize their responses accordingly.

By checking off the small stuff — closing open ports, fixing web application headers, etc. — CISOs can easily score quick wins. Then, they can safely move on to the bigger stuff, like protecting their organizations from more complex risks such as the BlueKeep vulnerability or the next WannaCry.

Gain control and decompress

By understanding where the true security problem lies, CISOs can better understand their risk exposure, and assert control from there. They can also put an end to breach accountability and, with the right KPIs, show executive leadership exactly how they approach security problems. They can feel safe in the knowledge that they have done everything they can to make their organizations more secure. 

Perhaps most importantly, they can begin to decompress — at least a little — and rest easier at night.
