Cyber security is a very mentally demanding activity. Almost two-thirds (65%) of a company's Chief Information Security Officer (CISO) have considered leaving their job due to workplace pressure, and about a quarter (24%) of they admitted that they use self-medication to alleviate stress, shows a study, published by the manufacturer of antivirus solutions, Eset. Phil Muncaster, Eset expert stated: "High volumes of work and the specter of personal liability in case of incidents affect security employees to such an extent that many of them are looking to change jobs (...) Cyber security is finally becoming a debated topic at corporate board level. As it should be, given the increasingly important role that cyber risk management plays in strategic decision-making. Cyber risk is fundamentally a core business risk , with the potential to make or break an organization. This is certainly the underlying principle behind the new US regulatory rules. But recognizing its importance, management and regulators are putting more pressure on CISOs (Chief Information Security Officer), without necessarily giving them the appropriate recognition and reward. The result is predictable: CISO employees experience an increase in stress, burnout and dissatisfaction." According to a specialist research carried out by Eset, 75% of CISO directors say they are open to change, up 8% from 2023. Also, almost two-thirds (64%) declared themselves satisfied with their role , decreasing by 10%, from one year to another. However, CISOs say they have always had a stressful job, and among the driving factors are: the increased level of cyber threats, which puts many companies in a state of constant alert; excessive workload determined by increasing demands from management; lack of adequate resources and funding; workload that forces CISO employees to work overtime and cancel vacations; compliance requirements that continue to increase with each passing year.
In this regard, about a quarter (24%) of global IT and security leaders admitted to using self-medication to alleviate stress, while about two-thirds (65%) of CISOs admit that work-related stress compromised their ability to perform at work. The new NIS2 directive, to be transposed into EU member state legislation by October 2024, gives the Board of Directors direct responsibility for approving cyber risk management measures and overseeing their implementation. Also, management members can be held personally liable if they are found guilty of negligence in the event of serious incidents. Enterprise Strategy Group analyst Jon Oltsik warns that the increasing pressure such measures are putting on CISOs is making their primary task of responding to threats and managing cyber risk more difficult. difficult. A recent study shows that tasks such as collaborating with the Board of Directors, overseeing regulatory compliance and managing a budget transform the CISO's role from a technical one to a business-oriented one. At the same time, 65% of cybersecurity executives considered leaving the role due to the inherent stress.