Twosense Blog

Preventing CISO Burnout

Written by Twosense | Dec 21, 2021 5:45:25 PM

Burnout is almost inevitable. Each of us will experience burnout in some capacity throughout our careers, but what about those who experience burnout consistently due to high-stress roles?

Much more threatening than ordinary fatigue, burnout makes it challenging for people to navigate stress and handle day-to-day responsibilities. Chief Information Security Officers are experiencing burnout at an exponentially greater rate than other professionals. In fact, the average tenure for a CISO is only 26 months. This is the lowest tenure among C-suite positions, which average a 5.3-year tenure.

CISOs face the daily pressure of a continuously evolving security landscape, and as the threat landscape grows, so do their responsibilities. A study by Nominet showed that 29% of CISOs would be fired in the event of a data breach, despite the inevitability of one, and 20% would be fired whether they were responsible or not. This adds significant pressure to their roles because we know statistically that a quarter of data breaches occur due to human error. This leaves many CISOs feeling as if they have been set up to fail, and that alone can lead to increased work-related anxiety.

An additional factor is an industry shortage in talent. In 2020, ISACA published the results of a recent research project focused on cybersecurity workforce challenges. More than 60% of the 2000+ individuals surveyed said their organization’s cybersecurity team is understaffed, and 57% reported having unfilled positions. This leads to the CISO and others on the security team having to take on even more responsibilities to make up for the vacancies.

So, how can organizations help prevent CISO burnout? First, by recognizing the signs. Burnout is much easier to prevent than it is to recover from, and it does not go away on its own. If left untreated, it can lead to serious physical and psychological illnesses like depression, heart disease, and diabetes. Being able to recognize the signs is critical in preventing burnout on teams. Some of the symptoms associated with burnout are exhaustion, isolation, irritability, and frequent illnesses.

Another proactive measure to help reduce the likelihood of burnout is fostering a security-first culture within your organization. Because so many data breaches occur due to human error, ensuring that the organization’s security posture is set up in a way to correct for human error is essential. Employees are the first line of defense when it comes to cyber threats, and when they are equipped with the right tools and an understanding of best practices, they can help alleviate some of the pressure that CISOs and their teams face.

Having a vendor partner is also an efficient and effective way to help mitigate stress and burnout within an organization. Implementing a solution like Twosense allows security teams to increase MFA challenges across the entire organization, substantially increasing the strength of their security. At the same time, because the increased security is invisible to users, complaints about user experience disappear.

Most importantly, organizations can help prevent burnout by prioritizing the mental and physical health of their teams. Don’t wait until you notice the signs of burnout to encourage positive, healthy habits. Exercise, sleep, and a nutritious diet help improve both physical and mental health. Preventing burnout should be a top priority for leaders at any organization. Now is the time to put policies and strategies in place to support your teams.