Chief information security officers (CISOs) are working more than ever, and the extra hours, stress and fatigue are leading to increasing rates of burnout, according to new research from email security company Tessian.
The company’s research follows its inaugural CISO Lost Hours report last year that found CISOs were missing holidays, family vacations and other important personal and social events due to the demands of their role, and there is a similar sentiment this year, as CISOs reported working an average of 16.5 hours over their contracted weekly hours.
However, that is an increase of 11 hours from last year, according to Tessian’s study.
While CISOs at companies of all sizes are working more hours, security leaders at larger companies with at least 1,00 employees are working an extra 19 hours per week. However, CISOs at smaller companies also say it is easier for them to switch off from work, with 20% saying so compared to 31% at larger companies.
Overall, nearly 1 in 5 CISOs are working at least 25 extra hours a week, which is double the amount of overtime they worked in 2021, the study found.
Tessian’s study also touched on “quiet quitting,” another product of the pandemic and the Great Resignation that has employees doing the bare minimums. This trend is also affecting the IT industry and is causing employees to make more security mistakes. According to Tessian, 47% of employees cited distraction as the top reason or falling for a phishing scam, and 41% said they sent an email to the wrong person because they were distracted.
To achieve a better work-life balance, Tessian suggests CISOs lean on their team, sent strict work-life boundaries and take time off when needed.
Josh Yavor, the company’s own CISO, says security leaders need to be fully committed to their jobs for the security and health of their company, but that mentality can turn into an healthy work-life balance and a fast track to burnout.
“Not only is this unsustainable, it decreases efficacy and increases risk,” Yavor says. “Like all employees, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, it’s critical that CISOs are able to lead by example and to set their teams up for sustainable operational work.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!