90% of CISOs Would Cut Pay for Better Work-Life Balance

Published: 23/11/2024   Category: security




Businesses receive $30,000 of free CISO time as security leaders report job-related stress taking a toll on their health and relationships.



CISOs are willing to sacrifice an average of $9,642, or 7.76% of their salaries, for better work-life balance – an elusive goal among those whose employers demand more of their time and effort.
In a study conducted by Vanson Bourne and commissioned by Nominet, researchers interviewed 400 CISOs and 400 C-suite executives to learn more about the toll of continued stress on the mental health and personal lives of security leaders, who have increasingly reported poor work-life balance and little board-level support. They discovered most (88%) CISOs they surveyed are moderately or tremendously stressed, slightly down from 91% in 2019.
Nearly half (48%) of CISOs say work stress has had a detrimental effect on their mental health, nearly double the 27% who said the same last year. Thirty-one percent report the stress has affected their physical health, 40% say it has affected relationships with partners and children, and almost one-third say it has affected their ability to do their jobs. Ninety percent of CISOs would take a pay cut if it meant they could have a more even work-life balance.
There is no single source of CISOs' stress, but excessive hours are a major factor. Almost all CISO respondents (95%) work more hours than contracted, with an average of 10 extra hours per week. Eighty-seven percent say their employers expect them to work additional hours. Only 2% of CISOs say they can switch off when they leave the office, and 83% report they spend at least half of their evenings and weekends thinking about their jobs.
"At my level, at even more junior levels, there's an expectation that we're always on," says Nominet vice president of cybersecurity Stuart Reed. "There is this notion of never really switching off for any long period of time." All of these extra hours add up: Ten extra hours of work each week amounts to $30,319 in extra time CISOs give their organizations each year.
Security leaders are expected to wear many hats during those hours. "CISOs are very much expected to be experts not just from a technical perspective, but being able to translate those technical concepts into the business risk or business strategy concepts," Reed says. "The very blended nature of their role means they are potentially taking on the responsibility of more than one person's job."
It's impossible to decouple CISOs' stress from the evolving threat landscape. Mainstream news coverage of major cyberattacks puts an ever-growing spotlight on the CISO, explains Gary Foote, CIO of the Haas Formula One racing team, who also handles security for his employer. As soon as an organization gets media attention for a data breach, it escalates to the board level.
"That gets their attention, and they're going down to the CISO and saying, 'You have to make sure this doesn't happen to us,'" Foote says. A good amount of C-suite executives will see an attack as inevitable, but there will always be a significant portion that don't.
Nominet's study found 24% of CISOs report their boards don't view security breaches as inevitable.
Bonding with the Board
Researchers discovered a telling gap between CISOs and the C-suite when it comes to CISO responsibilities and expectations. The board does take cybersecurity seriously – 47% say it's a great concern – and 74% say their security teams are moderately or tremendously stressed.
The C-suite may recognize the importance of cybersecurity and appreciate CISOs' stress, but it doesn't translate into greater CISO support. Just about all (97%) of the C-suite say the security team could improve on delivering value for the amount of budget they receive. This indicates that despite their additional hours worked, the C-suite thinks they should still be doing more.
Demonstrating return on investment has long been a challenge for security teams. A low investment in cybersecurity could result in zero incidents; a high investment may still result in a breach. It's difficult to prove return on investment when the measure of success is a breach that doesn't happen. The challenge, says Foote, is trying to relay this to a corporate board.
Both CISOs (37%) and the C-suite (31%) say the CISO is ultimately responsible for responding to a data breach. Nearly 30% of CISOs say the executive team would fire the responsible party in the event of a breach; 31% of C-suite respondents confirmed this. Twenty percent of CISOs say they would be fired whether or not they were responsible for the incident.