A recent study showed that the average tenure for CISOs is only 26 months due to high stress and burnout, causing physical, mental health, and even dependency issues. InfoSec professionals across the board are subject to higher levels of stress and the problem only continues to grow. Resolution will require support within the organization, and the tools to change the antagonistic mindset between InfoSec and the workforce.
Numbers reported by Nominet, from a survey of 800 CISOs at companies in the US and UK, show that CISOs are burning out at alarming levels:
On average, 88% reported “moderate to tremendous” levels of stress.
48% report impact on mental health.
23% say it forced them to medication or substance abuse.
The end result is an average tenure of only 26 months for a CISO, which is shockingly low, especially when compared to the average tenure of other C-suite positions.
While many companies are beginning to adopt CISO roles due to increasing cybersecurity threats, integration hasn’t exactly been seamless. These roles often come with low budgets, long hours, and a lack of power on executive boards, while having to deal with the constant threat of cyber-attacks, leading to the observed stress and burnout. They are tasked with continuously protecting the organization, where nobody notices when things go right, but when something goes wrong they are to blame.
Another interesting part of the study shows that 29% of CISOs would be fired in the event of a breach, despite the inevitability of one, and 20% would be fired whether or not they were responsible. Stuck between a rock and a hard place, a CISO is truly in a tough and thankless position.
Breakdown of data breach root causes based on a study conducted by Ponemon Institute and sponsored by IBM Security
Looking at this, it’s not surprising that most CISOs tend to burn out fast. What really makes this interesting is that almost a quarter of data breaches are actually due to human error. What this means is that no matter how well you set up your security protocols, a data breach will still happen due to human factors.
In fact, phishing and stolen user credentials are the attack vector for a majority of hacking attempts. The front-line tool to prevent these attacks is Multi-Factor Authentication (MFA). However, the problem is that MFA creates user friction in the form of authentication challenges, putting the rest of the company at odds with the CISO and InfoSec professionals, even up to the C-suite and board level. About 74% of organizations receive complaints about MFA, which causes boards and executives to push back against it. The result is only a partial deployment of MFA, leaving the organization vulnerable to attack and the CISO fearing for their job but unable to push for better security.
At TWOSENSE.AI, our mission is to resolve that conflict by taking the responsibility for MFA user friction off the CISO. We accomplish this with Continuous Identity Validation, a layer on top of your existing MFA that uses continuous biometrics to automate the response to the MFA challenge, making it invisible to the user. Our software integrates with existing login workflows to reduce authentication challenges by up to 95%, while running MFA all the time.
Reducing authentication challenges resolves a big part of the antagonistic relationship between security teams and the rest of the company with a significant boost to productivity, satisfaction, and even a reduction in employee churn.
The study concludes that the largest problem is the antagonistic relationship between the CISO and the board and C-suite. We provide a win with the board by making their teams happy, deploying something that improves security AND the user experience with a demonstrably positive financial, social, and secure outcome.
If you’re an InfoSec professional looking for a win with your organization, reach out to see how TWOSENSE.AI can help you get better security with a better user experience.