In these past few days the Nominet report “Life Inside the Perimeter: Understanding the Modern CISO” is informing numerous articles about CISOs’ physical and mental struggle due to the stress they are under.
CISOs are battling some huge threats daily, which have less to do with APTs and more to do with what is going on in their lives: stress and burnout.
Data from the survey reveal that 91% of the participants are experiencing moderate to high stress, 26% said the stress is impacting them mentally and physically, with 17% turning to alcohol and medication to deal with it. Finally, 23% said their work was ruining personal relationships.
I am grateful to #Nominet for raising this issue through the survey, although I am not surprised at all from the findings.
CISOs and security professionals in general are in a job where they are not recognised for doing well: if things are running smoothly it’s not considered their merit, they can even be seen as an inconvenience, a cost for the business, at times! If something happens (and it will, because that is the nature of the cyber threats) then it is their fault and “heads shall roll”.
CISOs and security pros are required to be “always on”. Technology doesn’t facilitate breaks.
Under-appreciated and under-supported by the C-suite, they face increasingly difficult menaces with insufficient resources, unrealistic expectations and zero downtime and recognition.
Nominet has started a conversation that is extremely important in my opinion. It is somehow perceived as shameful or inappropriate for a person at a certain level to experience stress, anxiety, depression. As if the higher you get, the more superpower you acquire, the more immune you are from such issues. Some might say: “well, but they are certainly compensated enough for their trouble”. As if a certain amount of money could or should buy someone’s health and wellbeing!
Let’s not forget that CISOs and IS professionals are first and foremost human beings.
This is all to say: THANK YOU dear CISOs. You and your teams are keeping us all safe and free to worry about something else happening in the human world, instead of stressing out about the cyber world. I see you (and all IS pros) and I am in absolute awe of your skills, knowledge, abilities and efforts. You are not alone and support is out there for you, there is no shame in reaching out for help: a life not hanging on the edge of burnout is possible.
The much needed cultural change is already underway, it is important to keep the conversation going and raise awareness both on cybersecurity and mental health.