Cyber Security Pros Are Feeling The Pressure

Security is now one of the most important functions in the enterprise. It’s also an area that is increasingly vulnerable to evolving cyber threats, including ones that involve AI and automation. It is a case of when, not if, an organisation is breached.

This inevitability does not alleviate pressure; it enhances it. It is no wonder that cyber security professionals are feeling the pressure.

To find out the extent of this pressure, Nominet commissioned a survey of 408 CISOs in the UK and US, each overseeing the cyber security of businesses that have an average of just under 9,000 employees.

Increasing Stress Levels

Stress is, to an extent, a normal part of any job. The report found that almost every CISO suffers moderate or high stress, with 60% saying that they rarely disconnect from their job. They are also working long hours; again, there’s nothing wrong with this, to an extent.

An overwhelming 88% of the CISOs surveyed are working more than forty hours a week, while 22% said they are available 24/7. The US CISO is particularly bad at disconnecting: 89% said they never have a break from work for two weeks or more.

All of this is causing a physical response to a very digital problem. Over a quarter of those questioned said stress is impacting their mental or physical health, while 23% said the job is eroding their personal relationships.

Most concerning is the 17% of CISOs who admitted to turning to medication or alcohol to deal with job stress.

Dr Dimitrios Tsivrikos, a business psychologist and lecturer at University College London, said: “It is of paramount importance that we address organisational stress and extra emphasis ought to be paid to CISOs. As a group of employees, they are faced with overwhelming pressure. Errors in their judgment, caused by excessive work-related stress, can indeed have detrimental effects upon business and personal data.

“In addition, individuals who are stressed at work are oftentimes not living their best lives privately, either. Most of us find it difficult to suppress the pressures from work, and they do indeed spill over into our private life. This poses significant health-related threats to personal well-being as individuals rely on alcohol and other non-constructive behaviours in order to relax and find relief from those pressures.”

Internal Pressures

Security has always had a strained relationship with the C-suite or board. It wasn’t that long ago that security was not even taken that seriously, and now it should be a top priority from the top. Naturally, this has caused tensions, and it is perhaps a reason why the relationship is strained.

Indeed, the report highlighted that 18% of CISOs believed their board members are indifferent to the security team, or see them as an inconvenience. This lack of engagement is troubling, as only 60% of CISOs said that their CEO/president agrees a breach is inevitable.

Further, nearly a third of all those questioned believed that, in the event of a breach, they would either lose their job or receive an official warning. What a wonderful company to work for!

This is worse in the UK, as 37% of CISOs said they would receive a warning or be fired, compared with 28% in the US.

Resource Conundrum

Despite awareness about the pervasiveness of cyber threats, 60% of CISOs questioned admitted having found malware on their infrastructure (which had been there for an unknown period of time). More than half of CISOs (57%) said a lack of resources is what holds back an effective security posture, while 63% said they were struggling to recruit the right people.

Echoing the internal pressures, CISOs also stated that a lack of senior buy-in was the issue, with 65% claiming this as a barrier within their organisation. Budget constraint was identified as a growing challenge. Fewer than half of respondents said that they have an adequate or very adequate budget to tackle cyber-attacks. Only half said they had adequate or very adequate technology.

Modern Cyber Security Professional

The heightened cyber threat facing organisations is having some very physical effects on the cyber security professional.

Russell Haworth, CEO, Nominet said: “CISOs around the world are facing mounting pressures amid a rapidly shifting cyber landscape. Criminals are forever finding ways to exploit vulnerabilities, and do not discriminate against the businesses they attack. Everyone is a target.

“It’s no surprise that CISOs are facing burnout. Many lack support from within their organisations, and senior business leaders need to face the facts: the threats are real, and CISOs need to be given the resources and support to tackle them. If not, the board must face the consequences.

“The risk is not only personal to a CISO, but a business’ hard-won reputation. The growing economic cost is also a worrying trend. And a recent report put the cost of global cybercrime at $600 billion in 2017.

“With that cost likely to rise in the future. We must all work harder, and cooperatively, to mitigate potential losses by having the right strategy, tools and resource in place to prevent breaches in the first place.”

Information Age
