New research reveals that the average security leader in the UK and US works 16.5 hours over what they are contracted to work, every week. This is an increase of five and a half hours compared to the same figures last year (11 hours extra per week in 2021), as observed by email security firm, Tessian, as part of its annual ‘Lost Hours’ report series.
The data also revealed that one in three security leaders (33 per cent) now work over 20 hours extra a week, and one in five (18 per cent) work over 25 hours extra a week. In 2021, just nine per cent of security leaders worked 20-24 hours extra a week.
Shockingly, one in 10 UK security leaders revealed that they now commit 25-49 hours over what they are contracted to work, every week.
Furthermore, a significant 79 per cent of UK security leaders admitted that they struggle to ‘always’ switch off from work, and 21 per cent say they can ‘rarely’ or ‘never’ switch off. Again, these figures are up from last year, where 59 per cent said they struggle to switch off.
Tessian researchers also observed that that the bigger the company, the more hours of overtime its security leaders typically work. For example, security leaders in UK and US companies with 10-99 employees work an average of 12 hours extra a week, versus security leaders in companies with over 1,000 employees who work an extra 19 hours of work, on average.
Similarly, security leaders in companies with under £100,000 revenue work an extra 11.5 hours a week on average, whereas security leaders in companies with revenues of over £500 million typically work an extra 23 hours outside of what they are contracted to work.
Josh Yavor, CISO for Tessian, says: "Security leaders need to be all in on their jobs for the security and health of their organisation.
“As the data shows, this ‘all in’ mentality can turn into ‘always on,’ leading to overtime hours and feelings of burnout. Not only is this unsustainable, it decreases efficacy and increases risk. Like all employees, CISOs have their limits and need to advocate for themselves and time constraints to avoid burnout. As leaders, it’s critical that CISOs are able to lead by example and to set their teams up for sustainable operational work.”