Why CISOs are Suffering from Increasing Levels of Stress

When it comes to the world of cyber-security, it’s practically impossible to predict what is around the corner, and it’s no surprise that CISOs are struggling to keep their heads above the water. They are required to deal with a wide-range of attack vectors including APTs, Phishing, DDoS, Ransomware, Cryptojacking, Formjacking, “brute force” password attacks, and more. To make matters worse, a large number of security incidents are caused by negligent or malicious insiders.

CISOs are Overworked and Lack Job Security

According to a recent poll carried out by Nominet, which included 408 CISOs from both the United States and the United Kingdom, a quarter (26%) of CISOs are suffering from both mental and physical stress. Some (17%) have even turned to alcohol or medication to help them cope, while 23% of respondents claim that the stress was ruining their personal relationships. 22% said that they are required to be available 24/7, while 60% said that they rarely disconnect from their job.

As much as 88% of CISOs claim that they are working more than 40 hours a week, and many claim that they rarely get a chance to take a break from their jobs – a situation that appears to be worse in the U.S.

The report also found that a third of CISOs are concerned about job security and many feel that executives are failing to understand the inevitability of cyber-attacks. As a consequence, more than half of the respondents claim that they do not have sufficient budget/resources to cope with the constantly evolving threat landscape.

Data Breaches Are Believed to be Inevitable

60% of CISOs believe that the CEO of their organization agrees that a breach is inevitable, and 18% of CISOs feel that their company executives see them as an inconvenience. Unfortunately, these are not uncommon complaints, as executives often fail to understand the implications of a security breach. Some have a naive understanding of cyber-security and believe that having a firewall and some anti-virus software installed is a sufficient enough safeguard against security threats.

Additionally, if they haven’t experienced an incident for a while, they get lulled into a false sense of security which leads them to believe that a cyber-attack won’t happen to them. Many organizations believe that, providing they are compliant with the applicable regulations and security frameworks, they are automatically covered against all forms of attack.

However, it should be noted that even if all company executives did take cyber-security seriously, it won’t necessarily fix the problem. After all, as it currently stands, there is a shortage of cyber-security professionals, and research suggests that the shortage is getting worse. To confirm this, 63% of respondents said they were struggling to recruit the right people.

How Can CISOs Alleviate Stress?

In order to deal with the shortage of trained personnel, CISOs need to find a way to consolidate and integrate both new and existing security technologies and leverage the latest artificial intelligence and machine learning solutions to help automate as many security tasks as possible.

These days, as opposed to opting for a full blown SIEM solution to collect and correlate data from event logs, many companies are looking towards more affordable and easier to use UEBA solutions. Sophisticated DCAP (Data-Centric Audit & Protection) solutions can provide a wealth of invaluable features enabling CISOs to detect, alert and respond to security incidents as they happen.

CISOs should also look towards utilizing cloud-based solutions and/or managed security services to cut costs and alleviate themselves of certain responsibilities. CISOs will also need to lobby executives for more investment in their own staff to facilitate career development and offer more compensation for staff members looking to pursue a career in cyber security.